APIC-EM Platform Update - cisco.com
TRANSCRIPT
APIC-EM Platform – App Modularity
Until APIC-EM 1.2
Cisco Applications are
- developed independently
- packaged and deployed with APIC-EM
IWAN
EasyQoS
PnP
Path Trace
Lifecycle Mgmt.
Integrity Verification
From APIC-EM 1.3
Cisco Applications are
- developed independently
- deployed on demand
Going Forward
- Descriptive Service Model
- DNA Center Integration
- DNA Analytics Integration
APIC-EM 1.x Footprint
• Lower Footprint (32GB)
• Dynamic Sizing based on Scale
• Horizontal and Vertical Performance Scaling
• Support for 64, 128GB nodes
• Support for clustering of up to 3 nodes
x 32 GB, 6 vCPU
250 Wired Devices, 250 Wireless Devices, 6k Hosts
x 32 GB, 6 vCPU
10k Wired Devices, 10k Wireless Devices, 100k Hosts
As load increases…
Policy Service: EasyQoS
Enhance Collaboration Experience
300% Video quality improves
50% Reduction in voice jitter
No Operator Intervention
“The EasyQoS App reduces deployment times for network-wide QoS dramatically. We can now respond to changing application needs via policy-based automation within minutes or even seconds.”
Select from Predefined Policies
Automated Deployment of QoS config
Optimized for Any Infrastructure
Cisco ONE Foundation
Edeka
Lower Costs & Complexity
Deploy changes: Months to Minutes
Thousands in cost savings
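EasyQoS Application QoS
[Diagram: policy enforcement points (PEPs), trust boundaries and queuing models per platform]
• Wireless AP: Trust Boundary, PEP, 4Q (WMM)
• Catalyst 3650: Trust Boundary, PEP, 2P6Q3T
• Catalyst 4500: 1P7Q1T
• Catalyst 6500: 1P3Q4T, 1P7Q4T, 2P6Q4T, …
• Nexus 7700 F3: 1P7Q1T
• WLC: PEP
• ASR/ISRs: MQC
• Catalyst 2960-X: Trust Boundary, PEP, 1P3Q3T
• Wireless AP: Trust Boundary, PEP, 4Q (WMM)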
Applications can interact with APIC-EM via Northbound APIs, informing the network of application-specific and dynamic QoS requirements
Southbound APIs translate business-intent to platform-specific configurations
Network Operators express high-level business-intent to APIC-EM EasyQoS
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
EasyQoS will seamlessly interconnect all types of hardware and software queuing models to achieve consistent and compatible end-to-end treatments aligned with the expressed business-intent
EasyQoS Application QoS - Deploy End-to-End DSCP based Queueing Policies
ip access-list extended APIC_EM-VOICE-ACL
 permit ip host 10.0.0.10 any dscp ef
 exit
ip access-list extended APIC_EM-BROADCAST-ACL
 permit ip host 10.0.0.20 any dscp cs5
 exit
ip access-list extended APIC_EM-REALTIME-ACL
 permit ip host 10.0.0.30 any dscp cs4
 exit
ip access-list extended APIC_EM-MM_CONF-ACL
 permit ip host 10.0.0.10 any dscp af41
 exit
…
Catalyst Switch Access-Layer PEP Static Endpoint ACLs
Populated with static endpoints (discovered by the APIC-EM Inventory Service):
• Cisco IP Phones
• Cisco IP Video Surveillance Cameras
• Cisco TelePresence Systems
• Cisco IP Video Phones
BRKRST-2046
How Can Apps Be Classified at Campus LAN PEPs?
Google Search: “NBAR Protocol Pack”
Cisco Protocol Pack Library: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html
Protocol Pack 21: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/pp2100/nbar-prot-pack2100.html
How Can Apps be Classified in the Campus LAN?
<protocol>
  <attributes>
    <application-group>other</application-group>
    <business-relevance>business-relevant</business-relevance>
    <category>business-and-productivity-tools</category>
    <encrypted>false</encrypted>
    <p2p-technology>false</p2p-technology>
    <sub-category>desktop-virtualization</sub-category>
    <traffic-class>multimedia-streaming</traffic-class>
    <tunnel>false</tunnel>
  </attributes>
  <common-name>Citrix Static</common-name>
  <enabled>true</enabled>
  <engine-id>3</engine-id>
  <global-id>L4:1604</global-id>
  <help-string>Citrix Static</help-string>
  <id>1433</id>
  <ip-version>
    <ipv4>true</ipv4>
    <ipv6>true</ipv6>
  </ip-version>
  <long-description>Citrix is an application that mediates users remotely to their corporate applications. ICA: Independed Computing Architecture is a designated protocol for application server system; it is used for transferring data between clients and servers…</long-description>
  <name>citrix-static</name>
  <ports>
    <tcp>1494,1604,2512,2513,2598</tcp>
    <udp>1604,2512,2513</udp>
  </ports>
  <indicative-ports>
    <tcp>1494,1604,2512,2513,2598</tcp>
    <udp>1604,2512,2513</udp>
  </indicative-ports>
  <references>http://www.citrix.com/site/resources/dynamic/additional/ICA_Acceleration_0709a.pdf</references>
  <commonly-used>7</commonly-used>
  <selector-id>1604</selector-id>
  <underlying-protocols>tcp,udp</underlying-protocols>
</protocol>
ip access-list extended CONTROLLER-MULTIMEDIA-STREAMING-ACL
 …
 remark citrix-static - Citrix Static
 permit tcp any any eq 1494
 permit tcp any any eq 1604
 permit tcp any any range 2512 2513
 permit tcp any any eq 2598
 permit udp any any eq 1604
 permit udp any any range 2512 2513
Note: EasyQoS must maintain an ACE Count by App, e.g. citrix-static: 6 ACEs (TCAMs)
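The port-list-to-ACE translation shown for citrix-static, as an added example (not Cisco's or EasyQoS's own code): it parses a protocol entry, collapses consecutive ports into `range` ACEs and checks the ACE count against a TCAM budget. The sample XML is a trimmed, constructed copy of the entry above; `collapse`, `parse_ports`, `protocol_to_aces` and `ace_budget_ok` are hypothetical names, and port lists are assumed to be comma-separated single ports as in that entry.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the citrix-static entry shown above.
CITRIX_STATIC = """
<protocol>
  <attributes><traffic-class>multimedia-streaming</traffic-class></attributes>
  <common-name>Citrix Static</common-name>
  <name>citrix-static</name>
  <ports>
    <tcp>1494,1604,2512,2513,2598</tcp>
    <udp>1604,2512,2513</udp>
  </ports>
</protocol>
"""

def collapse(ports):
    """Merge sorted, de-duplicated ports into (first, last) runs."""
    runs = []
    for p in sorted(set(ports)):
        if runs and p == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], p)
        else:
            runs.append((p, p))
    return runs

def parse_ports(text):
    """Parse a comma-separated port list, rejecting out-of-range values."""
    ports = [int(tok) for tok in (text or "").split(",") if tok.strip()]
    bad = [p for p in ports if not 1 <= p <= 65535]
    if bad:
        raise ValueError(f"invalid port(s): {bad}")
    return ports

def protocol_to_aces(xml_text):
    """Return (name, traffic_class, [ACE lines]) for one protocol entry."""
    proto = ET.fromstring(xml_text)
    name = proto.findtext("name")
    traffic_class = proto.findtext("attributes/traffic-class")
    aces = []
    for l4 in ("tcp", "udp"):
        for first, last in collapse(parse_ports(proto.findtext(f"ports/{l4}"))):
            match = f"eq {first}" if first == last else f"range {first} {last}"
            aces.append(f"permit {l4} any any {match}")
    return name, traffic_class, aces

def ace_budget_ok(aces, tcam_free):
    """True when every ACE of the app fits in the remaining TCAM entries."""
    return len(aces) <= tcam_free

if __name__ == "__main__":
    name, tclass, aces = protocol_to_aces(CITRIX_STATIC)
    print(f"remark {name}  ({tclass}, {len(aces)} ACEs)")
    print("\n".join(aces))
```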
LAN Marking Policy Summary Example
Classes and ACEs Required at Access LAN Edge
• Voice (dynamic): 96 ACEs per switch / module (1 IP Phone + 1 PC)
• Video (dynamic): 96 ACEs per switch / module (1 IP Phone + 1 PC)
• Broadcast Video: N/A
• Real-Time Interactive: N/A
• Network Control: N/A
• Signaling: 10 Protocols / 26 ACEs
• OAM: 50 Protocols / 98 ACEs
• Multimedia Streaming: 6 Apps / 19 ACEs
• Transactional Data: 45 Apps / 94 ACEs
• Bulk Data: 48 Apps / 99 ACEs
• Scavenger: 50 Apps / 108 ACEs
• CAPWAP: 2 Protocols / 2 ACEs
TOTAL: 213 Apps / 638 ACEs
Switch LAN-Edge PEP Policy Workflow
[Flowchart: the box labels and notes below are what survives of it]
Start Deployment
Decisions:
• TCAMs Available for QoS?
• TCAMs Available for Traffic-Class?
• Have All Custom Apps Been Processed?
• Have All Favorite Apps Been Processed?
• Have All Remaining Apps Been Processed?
• Is the App Voice or Video?
• Any (More) TCP or UDP Ports?
• TCP Port 80, 443, 8080, etc.?
Actions:
• Deploy ACE(s) For Next L4-App From Custom Apps
• ID App as L4-App + Construct ACE(s)
• Continue to Next App
• Redistribute remaining TCAMs Across Traffic-Classes and Process Each Traffic Class
• Stop
Note: Per-Platform TCAM Limits for QoS Pre-Programmed into APIC-EM + Confirmed before Deployment
Note: Remaining Apps to be Pre-Sorted by: 1) Popularity Attribute 2) Alphabetically
Note: “Video” in this context includes: realtime-Interactive, broadcast-video, multimedia-conferencing traffic-classes.
1P3Q3T Egress Queuing Model
Catalyst 2960-X / 3560-X / 3750-X
[Figure: application classes and their DSCP markings mapped to the 1P3Q3T egress queues]
Application: DSCP
• Network Control: (CS7)
• Internetwork Control: CS6
• VoIP: EF
• Broadcast Video: CS5
• Multimedia Conferencing: AF4
• Realtime Interactive: CS4
• Multimedia Streaming: AF3
• Signaling: CS3
• Transactional Data: AF2
• Network Management: CS2
• Bulk Data: AF1
• Scavenger: CS1
• Best Effort: DF
Queues: Q1 Priority Queue; Queue 2 (30%) with thresholds Q2T1, Q2T2, Q2T3; Queue 3 (35%) Default Queue; Queue 4 (5%) with thresholds Q4T1, Q4T2
Catalyst 2960-X / 3560-X / 3750-X
1P3Q3T Egress Queuing - Part 1
! This section configures egress buffers and thresholds
mls qos queue-set output 1 buffers 15 30 35 20
mls qos queue-set output 1 threshold 1 100 100 100 100
mls qos queue-set output 1 threshold 2 80 90 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 80 100 400
! This section configures egress CoS-to-Queue mappings
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 4 threshold 3 1
APIC-EM Easy QoS App
New Easy QoS Features in APIC-EM 1.3
General Availability
Policy Configuration Preview
Policy Rollback/Restore (…to brownfield QoS config)
Policy Abort
Advanced Consumer Policies
Bidirectional Policies
Extended Custom Application Options (Port Range, Subnets, DSCP)
Custom SP Profiles (DSCP, BW, Class Models)
UI Alerts about Pending Changes
Faster Provisioning (1000 Devices in < 1hr)
Improved UX
Application-Driven Dynamic Policy
[Diagram: Application Dynamic Policy Management, with the App Server calling APIC-EM through the SDN API]
1) Client A calls client B
2) Client sends call setup info to App server
3) App Server calls APIC-EM to setup policy
4) QoS policy enabled on network device
5) Call ends
6) Client sends call teardown info to App Server
7) App Server calls APIC-EM to delete policy
8) QoS policy removed from network device
Dynamic QoS Workflow
Part 1: Proceeding Voice/Video Call
CUCM signals APIC-EM of a proceeding call via a Northbound REST API
APIC-EM acknowledges the flow and assigns a Flow-ID
APIC-EM deploys dynamic ACLs for voice and/or video to the specific switch ports hosting the endpoints
ip access-list extended VOICE
permit udp host 10.1.1.1 eq 18578 host 10.2.2.2 eq 17333
ip access-list extended VIDEO
permit udp host 10.1.1.1 eq 31199 host 10.2.2.2 eq 24141
ip access-list extended VOICE
permit udp host 10.2.2.2 eq 17333 host 10.1.1.1 eq 18578
ip access-list extended VIDEO
permit udp host 10.2.2.2 eq 24141 host 10.1.1.1 eq 31199
POST /api/v1/policy/flow:{"srcIPAddress":"10.1.1.1","dstIPAddress":"10.2.2.2","srcPort":31999,"dstPort":21141, "protocol" : "udp", "flowType" : "VIDEO", … "codec": "H.264" }
{"response":{"data":"success","flowId":"bc8727b7-76d0-4bac-94b9-fa6b76a1a803"},"version":"1.0"}
Dynamic QoS Workflow
Part 2: Terminating Voice/Video Call
CUCM signals APIC-EM to delete the Flow-ID of a terminating call
APIC-EM removes the dynamic ACLs for voice and/or video from the specific switch ports hosting the endpoints
ip access-list extended VOICE
no permit udp host 10.1.1.1 eq 18578 host 10.2.2.2 eq 17333
ip access-list extended VIDEO
no permit udp host 10.1.1.1 eq 31199 host 10.2.2.2 eq 24141
ip access-list extended VOICE
no permit udp host 10.2.2.2 eq 17333 host 10.1.1.1 eq 18578
ip access-list extended VIDEO
no permit udp host 10.2.2.2 eq 24141 host 10.1.1.1 eq 31199
DELETE /api/v1/policy/flow/bc8727b7-76d0-4bac-94b9-fa6b76a1a803
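How a flow request like the one above could be checked and turned into the per-port ACEs that Part 1 deploys and Part 2 removes, as an added example (not APIC-EM's or CUCM's code). The validation rules and the names `validate_flow` and `render` are assumptions; the field names and the VOICE/VIDEO ACL names are taken from the slides, and the sample request is constructed from the VOICE ACEs shown.

```python
import ipaddress
import json

ACL_NAMES = ("VOICE", "VIDEO")  # flowType values and ACL names shown on the slides

# Constructed sample request, built from the VOICE ACEs shown above.
VOICE_REQ = ('{"srcIPAddress":"10.1.1.1","dstIPAddress":"10.2.2.2",'
             '"srcPort":18578,"dstPort":17333,"protocol":"udp","flowType":"VOICE"}')

def validate_flow(payload):
    """Parse a flow request; raise ValueError unless every field is well-formed."""
    flow = json.loads(payload)
    if not isinstance(flow, dict):
        raise ValueError("flow request must be a JSON object")
    # IPv4Address rejects anything that is not a plain dotted-quad address,
    # so no free-form text can reach the generated configuration lines.
    src = ipaddress.IPv4Address(str(flow.get("srcIPAddress")))
    dst = ipaddress.IPv4Address(str(flow.get("dstIPAddress")))
    ports = (flow.get("srcPort"), flow.get("dstPort"))
    if not all(type(p) is int and 1 <= p <= 65535 for p in ports):
        raise ValueError("ports must be integers in 1..65535")
    if flow.get("protocol") != "udp" or flow.get("flowType") not in ACL_NAMES:
        raise ValueError("expected protocol udp and flowType VOICE or VIDEO")
    if src == dst:
        raise ValueError("source and destination must differ")
    return {"src": str(src), "dst": str(dst), "sport": ports[0],
            "dport": ports[1], "acl": flow["flowType"]}

def render(flow, remove=False):
    """Config per endpoint: forward ACE at the source port, mirrored ACE at the destination."""
    verb = "no permit" if remove else "permit"
    fwd = (f"{verb} udp host {flow['src']} eq {flow['sport']} "
           f"host {flow['dst']} eq {flow['dport']}")
    rev = (f"{verb} udp host {flow['dst']} eq {flow['dport']} "
           f"host {flow['src']} eq {flow['sport']}")
    header = f"ip access-list extended {flow['acl']}"
    return {flow["src"]: [header, " " + fwd], flow["dst"]: [header, " " + rev]}

if __name__ == "__main__":
    flow = validate_flow(VOICE_REQ)
    for remove in (False, True):          # call setup, then call teardown
        for endpoint, lines in render(flow, remove).items():
            print(f"! switch port hosting {endpoint}")
            print("\n".join(lines))
```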