cisco automation with puppet and onepk - puppetconf 2013

Cisco Automation with Puppet and onePK

Jason Pfeifer Technical Marketing Engineer

© 2013 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

ICT O

perations A Decade Ago …

Network Survivability à Manageability

a

IT Services were: •  Static •  On premise •  Best effort •  Operated manually •  Agreed between humans

1

... - 2000


ICT O

perations During a Decade: Operational Maturity Evolution

Network Survivability à Manageability

Business Operations

1

a

Survivable Managed Operated Business Objective Minimize Cost OPEX Control TCO/ROI

Optimization

Service Levels Best Effort Basic SLA Tailored SLA

Process Everything ad-Hoc

Tasks and Procedures

Best Practice Models

Round-trip > days > hours > minutes

People Multi-Role

Technology Hero

Tiered Domain Expert

Tiered Role and Domain Expert

Technology Point scripts and tools

Applications and point

integrations

Layered OSS Architecture

Typical Anecdotes

2000 - 2010

I run this

Company


ICT O

perations Recently …

Network Survivability à Manageability à Automation

Virtual / Overlay Networks

Business Operations

1

a

b

3

Business today requires: •  Self-Service, On-Demand •  On Premise, Remote, Hybrid Cloud •  Wired/Wireless, BYOD •  Tight SLA •  Increasingly Automated ...

2000 - 2010

Puppet


ICT O

perations

Network Survivability à Manageability à Automation


Business Operations

1

a

b

3

Domain Controllers Domain Controllers APIs and Agents

5

6 7

c

Inflection: Business-Driven Network Automations …

2


ICT O

perations Inflection: Network Programming

Network Survivability à Manageability à Automation à Autonomy


Business Operations

1

a

b

3

Domain Controllers Domain Controllers APIs and Agents

5

6 7

c

What if the ‘User’ is a Software App?

2


“A platform for developing new control planes”

“An open solution for VM mobility in the Data-Center”

“A means to do traffic engineering

without MPLS”

“A way to scale my

firewalls and load

balancers”

“A solution to build a very large scale layer-2 network”

“A way to build my own security/encryption solution”

“A way to reduce the CAPEX of my network

and leverage commodity switches”

“A way to optimize broadcast TV delivery by optimizing cache placement and

cache selection”

“A means to scale my fixed/mobile gateways and optimize

their placement”

“A solution to build virtual topologies with optimum

multicast forwarding behavior”

“A means to get assured quality of experience for

my cloud service offerings”

“A way to distribute policy/intent, e.g. for DDoS prevention, in the network” “A way to configure my entire network

as a whole rather than individual devices”

“A solution to get a global view of the network – topology and state”

“Develop solutions at software speeds: I don’t want to work with my network vendor or go

through lengthy standardization.” Simplified

Operations

New Business

Opportunities Enhanced

Agility

I Want To Program My Network Because I Want…


New Paradigm Traditional Approach

Evolving Network Operating System Interaction

App C

Java Python Ruby

Network OS

Events

App EEM (TCL)

Actions

Routing

Data Plane

Policy

Interface

Monitoring

Discovery

CLI

AAA

SNMP

HTML

XML

Syslog

Span

Netflow

CDP

Routing Protocols

Any

thin

g yo

u ca

n th

ink

of


Cisco ONE Platform Kit (onePK)

Router/ Switch

YOUR Applications

onePK

Program

API Presentation

API Infrastructure

Catalyst Nexus ASR ISR

onePK IPC Channel

Network Programming Environment to: §  Innovate §  Extend §  Automate §  Customize §  Enhance §  Modify


Where Do onePK Applications Run? Choose the Hosting Model that Suits Your Platform and Your Application

10

App

Bla

de

App

App

On An External Server •  Plentiful memory/compute •  Higher latency and delay

•  Supported on by all platforms

On A Hardware Blade •  Dedicated memory/compute •  Low latency and delay •  Requires modular hardware blade

On the Router •  Shared memory/compute •  Very low latency and delay •  Requires modular software architecture

“End-Node”

“Blade”

“Process” Perfect for Puppet

Agent


onePK Architecture

C, Java, Python (Ruby) Program

onePK API Presentation

onePK API Infrastructure

IOS / XE (Catalyst, ISR, ASR1K)

NXOS (Nexus Platforms)

IOS XR (ASR 9K, CRS)


onePK APIs are Grouped in Service Sets

Base Service Set Description

Data Path Provides packet delivery service to application: Copy, Punt, Inject

Policy Provides filtering (NBAR, ACL), classification (Class-maps, Policy-maps), actions (Marking, Policing, Queuing, Copy, Punt) and applying policies to interfaces on network elements

Routing Read RIB routes, add/remove routes, receive RIB notifications

Element Get element properties, CPU/memory statistics, network interfaces, element and interface events

Discovery L3 topology and local service discovery

Utility Syslog events notification, Path tracing capabilities (ingress/egress and interface stats, next-hop info, etc.)

Developer Debug capability, CLI extension which allows application to extend/integrate application’s CLIs with network element

Used by onePK Puppet Agent


Agent Model Applications

Agent application resides on NE, utilizes onePK API library. Controller typically has network wide view, agent has individual box view.

Choices: Agent/Controller communication methods Where bulk of processing occurs

Agent

Network Element

onePK

Controller

Agent

onePK

Controller

Agent

Network Element

onePK

Agent

onePK

Controller

onePK

Path Computation

PCC PCC PCC

PCE

PCEP

Wireless LAN Control

WLC

AP AP AP

CAPWAP


Security Five Ways

App Security

Admin Security

Container Security

Runtime Security

Code Security

Digital Signing Certification Process

CLI Control Resource Allocation

Isolation Resource Consumption

Code Isolation Strong Typing

AAA (PKI) Encryption (TLS)

The OnePK Puppet Agent


Network Element Resident Agent

Puppet master

Puppet agent

Native Puppet agent

Puppet IPC

N3K N7K


NX

OS

onePK Agent Architecture

§  onePK provides manageability abstraction. –  Avoids CLI scraping –  Consistent across cisco OSes –  Exposes dynamic device state and

configuration

§  Linux Container –  Runs distribution on OS kernel –  Fitted with cisco onepk libraries –  Isolates application failures from

Network Element –  Flexibility for application developers

Device Components

Management Agents

Manageability Abstraction

Device Management Infrastructure OS-specific

Management Infrastructure

XOS and Component APIs

Traditional Management

Agents (CLI, syslog, SNMP, XML)

Next Generation Management

Agents (Puppet, ..)

onePK PL Transport/Marshaling

onePK AL OS Shim

Linu

x C

onta

iner


Puppet + onePK

Master Nexus Switch

onePK Module

Classify

Compile

Report

Container

onePK Infra

Puppet Agent

3. Execute

1. Request

4. Report

2. Reply onePK API


Zero Touch

Default Gateway

N3K Switch

DHCP & file server

Puppet Master

1. Boot & Start POAP

2. Downloads image, base config and OVA file

3. Starts Puppet Agent and begins talking to Master

ova manifest

4. Applies configuration through onePK


Puppet Types (Cisco) class cisco_onep { $ciscodev = "testdemo" cisco_device {$ciscodev: #log => debug, ensure => present, } cisco_interface { 'Ethernet1/8': description => 'Configured with puppet', switchport => access, access_vlan => 1001, element => $element, } cisco_vlan { 1001: ensure => present, vlan_name => 'red', state => active, element => $element, } }

Cisco Device

Cisco Interface

Cisco VLAN


onePK Puppet Agent CLI - Configuration

Command Description Example

Onep Application Application-name onep applications puppet

Puppet Version puppet v0.8

Master Puppet Master IPv4/FQDN and Port master bxb-oa-linux2.cisco.com port 8999

VRF VRF name vrf management

Cert-name Certificate name: Support shared certificate and non-shared certificate

cert-name n3k-oa-3.cisco.com

Environment Environment (categorization) environment bxb_oa_n3k_3

Node-name Node name node-name facter

Default-username Device credentials default-username lab password lab

Run-interval Run frequency run-interval 180

Domain-name Domain name domain-name cisco.com

Splay Pseduo random frequency add splay splay-limit 60

Activate Activate daemon mode activate

Name-server DNS name-server 173.37.87.157


onePK Puppet Agent CLI – Execution & Monitoring

Command Group Description Example

Noop Execute Noop execution execute onep application puppet v0.8 puppet_agent agent-noop

Oneshot Execute One time execution execute onep application puppet v0.8 puppet_agent agent-oneshot

Ssl-all Clear Clear all certificates and private keys clear onep application puppet v0.8 puppet_agent ssl-all

Ssl-cert Clear Clear certificate clear onep application puppet v0.8 puppet_agent ssl-cert

Show Oper Data Show Show puppet agent config data (master (server) name, run interval, etc.)

show onep application puppet v0.8 puppet_to agent agent oper-data

Show Last Exec Log

Show Show log from most recent noop or oneshot mode run (exec mode run)

show onep application puppet v0.8 puppet_agent agent last-exec-log

Show Run History Show Show logs from most recent daemon mode runs

show onep application puppet v0.8 puppet_agent agent run-history run-number 1

Show Puppet Config

Show Shows puppet agent –config print all show onep application puppet v0.8 puppet_agent config

Show Puppet Copyright

Show Show Puppet Agent copyright show onep application puppet v0.8 puppet_agent copyright

Show Facter Show Show all facter variables. show onep application puppet v0.8 puppet_agent facter

Show Log CLI Show Troubleshooting support show onep application puppet v0.8 puppet_agent agent log cli


onePK Puppet Agent CLI – Debug

Command Group Description Example

Debug Puppet Agent Level

Debug Enable debug level (verbose, etc.) debug onep application puppet v0.8 puppet_agent agent level 1

Debug Puppet CLI Debug CLI Troubleshooting debug onep application puppet v0.8 puppet_agent cli

Debug Puppet pmgmt

Debug Management daemon troubleshooting

debug onep application puppet v0.8 puppet_agent pmgmt

Debug Puppet Util Debug Utility troubleshooting debug onep application puppet v0.8 puppet_agent util

onePK Puppet Agent Demo


References

§  For more information on onePK –  http://developer.cisco.com/web/onepk/home

§  Mail aliases –  Puppet

§  [email protected] –  onePK

§  [email protected]

§  [email protected]

￼cisco automation with puppet and onepk - puppetconf 2013

Technology

cisco automation with puppet and onepk - puppetconf 2013