Cisco CSR1000V, VMware, and RESTful APIs
Cisco Cloud Services Router 1000V
Special Guest Topics: VMware, onePK, RESTful API
2/13/2014
Tanner

What is it?
• Router in virtual form factor
• Runs IOS-XE (Linux-Based)
  – Same base OS as ASR1k, WLC 5760
• Part of Cisco’s virtual portfolio
  – Nexus 1000V, ASA 1000V, CSR 1000V,
• IP/Ethernet Traffic Only
  – No T1/PRI/DSP/WIC modules
• Supported on
  – VMware ESXi
  – Amazon AMI
  – Citrix XenServer
  – Red Hat KVM

Feature Comparison

| Cisco 892 | Cisco CSR1000V |
| --- | --- |
| CBAC/IOS Firewall | Zone-Based Firewall |
| AAA Legacy & New Format | AAA New Format |
| Netflow Top Talkers | FNF Top N Talkers |
| Adv. IP Services (Included) | Feature, Throughput, Term Licensing |
| (2) L3 Interfaces | Unlimited* L3 Interfaces |
| (8) L2 Switchports | Not Supported |
| Max Throughput: 51Mbps | Max Throughput: 1Gbps* |

* up to maximum supported by hypervisor

VMware ESXi 5.1
[Diagram labels: Hypervisor; Virtual Machine; "Add NICs, Memory, etc. to VM"; "Virtually sit at VM console screen"]

• DAS
• NFS
• iSCSI
• Fibre Channel
ZONE-BASED FIREWALL

CBAC vs ZBFW

| CBAC / IOS Firewall | Zone Based Firewall |
| --- | --- |
| Interface Based Configuration | Zone Based Configuration |
| Controls Inbound and Outbound access on an interface | Controls Bidirectional access between zones |
| Uses inspect statements and stateful ACLs | Uses Class-Based Policy language |
| Application Inspection and Control: Not Supported | Supports Application Inspection and Control |
| Support from IOS Release 11.2 | Support from IOS Release 12.4(6)T |
| Default “permit all” policy | Default “deny all” policy |

Configuration Example

```
ip access-list extended ACL-INSIDE-TO-VPN
 remark --- Allow Mgmt Ports
 permit udp any any eq snmptrap
 ...
!
class-map type inspect match-any CLASS-ZBF-INSIDE-TO-VPN
 match access-group name ACL-INSIDE-TO-VPN
!
policy-map type inspect POLICY-ZBF-INSIDE-TO-VPN
 class type inspect CLASS-ZBF-INSIDE-TO-VPN
  inspect
 class class-default
  drop log
!
! Zones must exist before an interface can be made a member of them
zone security INSIDE
zone security VPN
!
interface GigabitEthernet2
 description Customer Inside/Internal
 zone-member security INSIDE
!
interface Tunnel1
 description VPN Headend
 zone-member security VPN
!
zone-pair security ZP-INSIDE-TO-VPN source INSIDE destination VPN
 service-policy type inspect POLICY-ZBF-INSIDE-TO-VPN
```
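
A sanity check for this kind of zone-based firewall configuration, as an added example that is not part of the original slides. It reads a saved config and reports interfaces left outside every zone, references to undefined zones, and zone-pairs with no service-policy attached (under the "deny all" default such a pair passes nothing). The sample config is constructed and the function names are illustrative.

```python
import re

# Constructed sample in the slide's style. GigabitEthernet3 is in no zone and
# ZP-VPN-TO-INSIDE has no service-policy, so both should be reported.
CONFIG = """\
zone security INSIDE
zone security VPN
interface GigabitEthernet2
 zone-member security INSIDE
interface Tunnel1
 zone-member security VPN
interface GigabitEthernet3
 ip address 192.0.2.1 255.255.255.0
zone-pair security ZP-INSIDE-TO-VPN source INSIDE destination VPN
 service-policy type inspect POLICY-ZBF-INSIDE-TO-VPN
zone-pair security ZP-VPN-TO-INSIDE source VPN destination INSIDE
"""

def blocks(text):
    """Split IOS config into (top-level line, [indented child lines])."""
    out = []
    for line in text.splitlines():
        if line[:1] == " " and out:
            out[-1][1].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            out.append((line.strip(), []))
    return out

def lint_zbfw(text):
    """Return findings about zone membership and zone-pair policy coverage."""
    parsed = blocks(text)
    zones = {h.split()[2] for h, _ in parsed if re.match(r"zone security \S+$", h)}
    findings = []
    for head, body in parsed:
        if head.startswith("interface "):
            member = [l.split()[2] for l in body if l.startswith("zone-member security ")]
            if not member:
                findings.append(f"{head.split()[1]}: not in any zone")
            elif member[0] not in zones:
                findings.append(f"{head.split()[1]}: zone {member[0]} is not defined")
        m = re.match(r"zone-pair security (\S+) source (\S+) destination (\S+)", head)
        if m:
            for z in m.group(2, 3):
                if z not in zones and z != "self":  # "self" is the router's built-in zone
                    findings.append(f"{m.group(1)}: zone {z} is not defined")
            if not any(l.startswith("service-policy type inspect ") for l in body):
                findings.append(f"{m.group(1)}: no service-policy attached")
    return findings
```

An interface that is intentionally unzoned (for example a dedicated management port) will also be listed, so treat the output as items to review rather than errors.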

• CSR1k VM hosted inside
  – Your own server
  – Your hosted server
  – Cloud service provider server (AWS)

PROGRAMMATIC ACCESS
onePK and RESTful APIs

What is an API?
• Interface implemented by an application which allows other applications to communicate with it
• Examples
  – Microsoft SharePoint (REST API)
    https://my.sharepoint.local/_api/web/lists/getByTitle('sales')/items

Representational State Transfer (REST)
• Uses HTTP/S
• Verbs / Request Methods
  – HTTP GET, POST (Create), PUT (Replace), DELETE

Request

```
GET https://172.30.0.123/api/v1/global/local-users
```

Response

```
HTTP/1.1 200 OK
{
  "kind": "collection#local-user",
  "users": [
    {
      "username": "cisco",
      "privilege": 15,
      "kind": "object#local-user",
      "pw-type": 0
    }
  ]
}
```

Cisco APIs

RESTful
• CIMC XML
• Cisco ISE
• Cisco Prime Infrastructure
• Cisco CSR1000V
• Cisco Nexus 1000V
• onePK (“Coming Soon”)
• Application Centric Infrastructure (ACI)

SOAP/WSDL
• Cisco ACS
• Cisco Mobility Services
• Cisco UCM
• Cisco UCS Manager

One Platform Kit
• onePK is a device level API for Cisco’s core operating systems

Current Uses of onePK

Common Use Cases
• Custom Routing and Traffic Steering
• Custom Traffic Analytics
• Network Automation
• Health Monitoring
• Policy Control
• Security
• Threat Mitigation
• Data Center Orchestration
• NMS/OSS Integration

Specific Applications
• Configuration and verification tool
• Topology mapping and device location mapping monitor
• Path trace network monitoring
• Programming application routes based on utilization/latency/cost
• Custom encryption of selected traffic

LAB
Configure & Install CSR1000V - 30 mins
Configure & Use RESTful API - 30 mins

Lab Summary
• Configure VMware Networking
• Deploy OVA from Template
• Configure Router
• Configure Zone-Based Firewall
• Configure RESTful API
• Use REST GET/POST to add & remove a NAT

See lab guide for details
Lab Diagram

Lab Routers

| Rtr # | Mgmt Zone | DMZ Zone (Shared) | Restricted Zone | API IP |
| --- | --- | --- | --- | --- |
| 1 | 172.18.30.16 | 10.228.32.16 | 10.66.0.1 | 172.18.30.116 |
| 2 | 172.18.30.17 | 10.228.32.17 | 10.66.0.2 | 172.18.30.117 |
| 3 | | | | |
| 4 | | | | |
| 5 | | | | |
| 6 | | | | |
| 7 | | | | |
| 8 | | | | |

vSphere Client: 172.18.31.200
APPENDIX A
Installing CSR1000V on UCS with VMware 5.1 ESXi Hypervisor
Configure VMware Networking
Deploy OVA Template

APPENDIX B
Enabling RESTful API using CLI

Enable RESTful API (3.11S)

```
interface GigabitEthernet1
 description Router Management
 ip address 172.28.32.xx 255.255.255.0
 negotiation auto
!
interface VirtualPortGroup0
 description RESTful API
 ip unnumbered GigabitEthernet1
!
virtual-service csr_mgmt
 vnic gateway VirtualPortGroup0
  guest ip address 172.28.32.1xx
 activate
!
ip route 172.28.32.1xx 255.255.255.255 VirtualPortGroup0 name CSR1000V-REST-API
```

Using RESTful Method

• Request 8-Hour Authentication Token

```
# -u sends the credentials with HTTP Basic auth; --insecure skips certificate
# verification and -3 forces SSLv3 (settings used in this lab)
curl -v -X POST https://172.18.32.1xx/api/v1/auth/token-services \
  -H "Accept:application/json" -u "cisco:cisco" -d "" --insecure -3
```

• Get Local User List

```
curl -v -H "Accept:application/json" \
  -H "X-Auth-Token:I4i1StrkzobKpj4L0G+V1A30Ves77l5DUaPzFveSHK8=" \
  -H "content-type: application/json" \
  -X GET https://172.18.32.1xx/api/v1/global/local-users --insecure -3
```

• Get NAT Translations

```
curl -v -H "Accept:application/json" \
  -H "X-Auth-Token:I4i1StrkzobKpj4L0G+V1A30Ves77l5DUaPzFveSHK8=" \
  -H "content-type: application/json" \
  -X GET https://172.18.32.1xx/api/v1/nat-svc/translations --insecure -3
```

• Add New NAT Translation

```
curl -v -H "Accept:application/json" \
  -H "X-Auth-Token:I4i1StrkzobKpj4L0G+V1A30Ves77l5DUaPzFveSHK8=" \
  -H "content-type: application/json" \
  -X POST https://172.18.32.1xx/api/v1/nat-svc/static \
  -d '{"nat-rule-id": "phx-router01", "mode": "inside-source", "ip-mapping": {"local-ip": "172.18.99.99", "global-ip": "10.14.1.1"}}' \
  --insecure -3
```

ip nat name phx-router01 inside source static 172.18.99.99 10.14.1.1
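
The same token request and static NAT call with certificate verification left on and TLS 1.2 as the floor, as an added Python example that is not part of the original slides. The environment variable names and function names are hypothetical, and the `token-id` field read from the token reply is an assumption, since the slides do not show that response body.

```python
import base64, json, os, ssl, urllib.request

def tls_context(ca_file=None):
    """Verify the router's certificate and refuse anything older than TLS 1.2,
    the opposite of the lab's `--insecure -3` (no verification, SSLv3)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def token_request(host, user, password):
    """POST /api/v1/auth/token-services with HTTP Basic credentials."""
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}/api/v1/auth/token-services", data=b"", method="POST",
        headers={"Accept": "application/json", "Authorization": f"Basic {cred}"})

def static_nat_request(host, token, rule_id, local_ip, global_ip):
    """POST /api/v1/nat-svc/static with the same JSON body as the curl command."""
    body = {"nat-rule-id": rule_id, "mode": "inside-source",
            "ip-mapping": {"local-ip": local_ip, "global-ip": global_ip}}
    return urllib.request.Request(
        f"https://{host}/api/v1/nat-svc/static", data=json.dumps(body).encode(),
        method="POST", headers={"Accept": "application/json",
                                "Content-Type": "application/json",
                                "X-Auth-Token": token})

def send(req, ctx):
    """Send a prepared request and decode the JSON reply (empty reply -> {})."""
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else {}

if __name__ == "__main__":
    # Hypothetical variable names; credentials stay out of the script and shell history.
    host = os.environ["CSR_API_HOST"]
    ctx = tls_context(os.environ.get("CSR_CA_FILE"))  # CA that signed the router cert
    reply = send(token_request(host, os.environ["CSR_USER"], os.environ["CSR_PASS"]), ctx)
    token = reply["token-id"]  # assumed field name in the token-services reply
    print(send(static_nat_request(host, token, "phx-router01",
                                  "172.18.99.99", "10.14.1.1"), ctx))
```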

APPENDIX C
Enabling onePK on IOS
Enabling onePK