Scribd
Upload
67 views

Programmation Cisco

Uploaded by

Bernard Ndale
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
67 views

Programmation Cisco

Uploaded by

Bernard Ndale
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 65

Praha, Hotel Clarion

10. – 11. dubna 2013

Network Programming
in a
Cisco Open Network Environment
Start using onePK and EEM
T-SDN4/L3

Bruno Klauser
Consulting Engineer
BN EMEAR CTO Team
[email protected]
© 2011
2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1
An Analogy
Highly motivated individuals
Full control over every single detail

Highly skilled and trained crew


Human brain in every control loop

Specialized distributed crew


Reasonable control within boundaries

From: Detailed control by a single central authority


Towards: Collaborative operations of a partially autonomic system
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 2
2
Software – Network Convergence

Donald Knuth, 1974


(Author of “The Art of Computer Programming”)

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 3
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Describing Software Architectures
4+1 View Model
• Scenarios: Use Case, Who, What and Why
Examples: Routing-for-(Dollars), Application-Flow-Manipulation,
Network Slicing, SDDC Provisioning, CIN, …

• Development View: SDKs, Packages, Libraries, Tools


Examples: onePK SDK, binaries, .so, Eclipse, Debugger, IOL, …

• Logical View: Features, Functions, Classes, Abstractions


Examples: onePK APIs in C, Java, Application APIs, …

• Process View: Architectures, Processes, Interactions, Objects


Examples: Agents, Controllers, Thrift IDL, Cloud Connectors, Sentinels, …

• Physical View: Deployment, Hosting, Topology, Connectivity


Examples: Virtual Containers, Blades, Endpoints, L1-2-3, Overlay

See: https://en.wikipedia.org/wiki/4+1_Architectural_View_Model
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 5
Cisco Open Network Environment – ONE
Preserve What is Working Open Network Environment
• Resilience, Scale, Security
• Functionality and Rich Features
• Instrumentation
Development View Process View Physical View
Logical View
Evolve for New Requirements
• Operational Simplicity and Automations (Software)
• Programmability and Network-Awareness Network Architectures and Deployment and
Programming Patterns Virtualization
• Upcoming Innovations

Open and Integrated Framework


• Software Defined Network concepts are a
component of the Open Network Environment Open
Network Environment
Scenarios and Motivations
• Existing APIs, Agents, Controllers and
Infrastructure contribute

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 6
Cisco Open Network Environment – ONE
Preserve What is Working Open Network Environment
• Resilience, Scale, Security
Network (Software) Deployment and
• Functionality and Rich Features Programming Architectures and Virtualization
• Instrumentation Patterns
Nexus 1000v
CSR 1000v
Evolve for New Requirements onePK Controllers VSG and vFW/ASA,
(ONE/Openflow PoC) vWAAS, vNAM, …
• Operational Simplicity and Automations (SBC, WLC, +++)
• Programmability and Network-Awareness developer.cisco.com, Cisco Openstack Ed
CDN, Training,
• Upcoming Innovations Certification, CIN, CloudConnect, Blade Hosting
Partners, EEM, EASy Sentinels, Agents (UCS-E, …), Virtual
Containers (AirVision,
Open and Integrated Framework Cat, ISR, ASR, …)
• Software Defined Network concepts are a
component of the Open Network Environment Open
Network Environment
Scenarios and Motivations
• Existing APIs, Agents, Controllers and
Infrastructure contribute

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 7
Cisco Open Network Environment – ONE
Preserve What is Working Open Network Environment
• Resilience, Scale, Security
Network (Software) Deployment and
• Functionality and Rich Features Programming Architectures and Virtualization
• Instrumentation Patterns
Nexus 1000v
CSR 1000v
Evolve for New Requirements onePK Controllers VSG and vFW/ASA,
(ONE/Openflow PoC) vWAAS, vNAM, …
• Operational Simplicity and Automations (SBC, WLC, +++)
• Programmability and Network-Awareness developer.cisco.com, Cisco Openstack Ed
CDN, Training,
• Upcoming Innovations Certification, CIN, CloudConnect, Blade Hosting
Partners, EEM, EASy Sentinels, Agents (UCS-E, …), Virtual
Containers (AirVision,
Open and Integrated Framework Cat, ISR, ASR, …)
• Software Defined Network concepts are a
component of the Open Network Environment Open
Network Environment
Scenarios and Motivations
• Existing APIs, Agents, Controllers and
Infrastructure contribute

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 8
Network Automation and Manageability
DC Headquarters

Cisco IOS® Device Manageability Instrumentation (DMI)


Fault Configuration Performance Accounting
 IPIPOAM—Ping, Trace, BFD,  Config
OAM—Ping,Trace, ConfigCLI
CLI—diff, logging,  Auto
AutoIPIPSLA—delay,
SLA—delay,jitter,
jitter,  Flexible
FlexibleNetFlow
NetFlow—
ISG per session lock, replace, rollback loss probability
packet loss, IETF IPFIX
 802.3ah—Link monitoring  E-LMI—parameter and  CBQoS MIB—class-based  BGP policy accounting –
and remote fault indication status signaling QoS includes AS information
 802.1 ag—Continuity  E-DI—Enhanced Device  NBAR  Periodic MIB bulk data
check, L2 ping, trace, AIS Interface, CLI, Perl, IETF  RMON collection and transfer
 MPLS OAM—LSP ping, Netconf  EPC – Embedded Packet  …
LSP trace, VCCV  EMM — Embedded Menu Capture
 EEM—Embedded Event Manager  ERM—Embedded
Manager  NETCONF—IETF Resource Manager
 EVENT-MIB—OID-based NETCONF XML PI  GOLD—Generic Online Security
triggers, events, or SNMP  CNS and WSMA Diagnosis
Set, IETF DISMON  TR-069  Smart Call Home—  Auto Secure—one-touch
 EXPRESSION-MIB—OID  KRON—command preventive maintenance device hardening
expression-based triggers, scheduler  VidMon—Video Monitoring  LDP Auth—message
IETF DISMON  AutoInstall—bootstrapping  … authentication
 …  IOS.sh —IOS Shell  Routing Auth—MD5
 SmartInstall authentication, BGP, OSPF
 Auto SmartPorts …
 …
Device Manageability Instrumentation Has Evolved Significantly
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 9
Network Automation Life-Cycle Span
Is it built to
Specification? How to take
Does it meet out of service?
Requirements?

Pre-Operational Era Operational Era Post-Operational Era

Network Automation spans across full Life Cycle


Real-World
Example
Trigger a Workflow in the Network
Problem: Sometimes we want to receive remote information on a Router / Switch and be able to react to
it locally – for example a notification from a UPS System.
Solution: Use Network Automation based on Cisco IOS Embedded Event Manager
leveraging the EEM SNMP Notification Event Detector
EEM EEM

 Router / Switch can received SNMP Notifications


 Execute (trigger) EEM Policy to take local action
 Policy can query varbind info Uninterruptible
 Supports Incoming or Outgoing Notifications Power Supply

 Outgoing only for locally generated Notifications SNMP Trap – On Battery


5 Min Remaining!
Router(config}# event manager applet catch-a-trap
router(config-applet)# description test snmp notification unmanaged service
router(config-applet)# event snmp-notification oid 1.3.6.1.6.3.1.1.4.1.0
oid-val "1.3.6.1.6.3.1.1.5.3" op eq src-ip-address 10.51.89.176
direction incoming
router(config-applet)# action 010 …
router(config-applet)# action 020 …
Real-World
Example
Trigger a Workflow from the Network
Problem: A new rogue WLAN device in sensitive areas should be detected by Cisco CleanAir and
automatically focus/pan/zoom a security camera.
Solution: Use Network Automation based on Cisco IOS Embedded Event Manager to receive an SNMP
Notification from WLC and trigger the Video Operations Manager via HTTP

1. Rogue WLAN Device added

2. Rogue Device detected by CleanAir AP


1
2 6
3. WLC sends SNMP Notification

4. EEM triggers upon SNMP Notification

5. EEM notifies VSOM via HTTP


ATM
6. Security Camera Focus/Pan/Zoom
EEM
4
Real-World
Example
Collect and Share Remote Information – 1/2
Problem: How to actively gather and share information from a router and from a few devices
behind the router – across organizational and technical borders?
Solution 1: Initiate a project to make use of SNMP, Syslog, Event Management Software,
Reporting, Provisioning and CRM Systems ...
Solution 2: Use Cisco IOS Network Automation to collect and post the information

Using Cisco IOS Embedded Event Manager and Tcl:

1. Import the http package into EEM policy


namespace import ::http::*

2. Collect the information required

3. Build a query for the http POST operation


set my_query [::http::formatQuery "status" $my_info]

4. POST the information to a website


set my_reply [::http::geturl $my_server_url -query $my_query]
Real-World
Example
Collect and Share Remote Information – 2/2

See: http://twitter.com/EASyDMI
Note: it is NOT recommended to use a public site or feed other than for demo purpose
Embedded Event Manager (EEM)
email SNMP set SNMP SNMP Reload or Application CLI IOS.sh TCL
Syslog
notification Counter get notification switch-over specific Applets Policies Policies

Actions

EEM Applets
multi-event-correlation
Embedded Event
Manager

Event Detectors
Interface XML CDP
Syslog SNMP Timer none HW Watchdog CLI OIR ERM EOT RF GOLD NetFlow IPSLA Route 802.1x MAC
Counter RPC LLDP
ED EDs EDs ED EDs ED ED ED ED ED ED ED ED ED ED ED ED
ED ED ED

Remote:
• Fan
• Notification • Cron Process Interface
Syslog • Temp
Local: • Count Scheduler Descriptor
Event • Env
• Notification down Database Blocks
• ...
• Get/Set

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 15
Embedded Event Manager – Applet Evolutions
EEM Version Release Applet Modifications Peanut Gallery Comments

12.0(26)S 2 Events: Syslog, SNMP Initial Version


1.0
12.3(4)T Actions: Log, CNS event, Reload, Switchover Limited benefits

No structure changes
Various New event detectors
2.0 12.3(14)T1 Many new actions
New actions: cli, info, mail, policy, SNMP trap, Modify counters, Publish
2.1 12.2(18)SXF5 Popular CLI / mail
application events,
2.2 12.4M Actions run linear
Read/set tracked objects

Maxrun support ==
maxrun support
2.3 12.4(11)T security
pattern parameter for CLI actions
Can handle CLI prompts

Boolean correlation
2.4 12.4(20)T multi-event support of events within
applet.
Redesign of action mechanism
Program counter added Applets now rock!
12.4(22)T
3.0 Loops, conditionals, regexps, Programming language
12.2(33)SE
context save, error handling feel.

3.1/3.2 - No changes -

Applet file actions


4.0 15.2(2)T TLS/SSL support for SMTP actions File manipulation handy!
Custom port for SMTP actions
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 16
16
Example: EEM Applets – Loops, Variables
Problem: None in Particular

Solution: Have fun exploring EEM Applet capabilities


event manager applet 99-bob
description written by bklauser inspired by http://www.99-bottles-of-beer.net Setting a Variable
event none
action 100 set b 99
action 110 while $b gt 1 While Loop – {
action 120 puts "$b bottles of beer on the wall, $b bottles of beer."
action 130 decrement b
action 140 puts "Take one down, pass it around, "
action 150 puts "$b bottles of beer on the wall.\n"
Decrementing a Variable
action 160 end
action 170 puts "$b bottle of beer on the wall, $b bottle of beer."
action 180 puts "Take one down, pass it around, " While Loop – }
action 190 puts "no more bottles of beer on the wall.\n"
action 200 puts "No more bottles of beer on the wall, "
action 210 puts "no more bottles of beer." Referencing a Variable
action 220 puts "Go to the store and buy some more, "
action 230 puts "99 bottles of beer on the wall.\n"
!
alias exec sing event manager run 99-bob Using an Alias to run our Applet
See also: http://www.99-bottles-of-beer.net/language-cisco-ios-embedded-event-manager-applet-2909.html
Packaging Network Automations
Problem: Cisco IOS Embedded Automation Systems often include multiple configuration items,
files, checks and procedures – how to ensure they are deployed consistently?
Solution: Cisco EASy provides a simple packaging mechanism and open-source EASy Installer. A
developer guide is available online to assist with the creation of EASy packages.
 Package Description
 Pre-Requisite Verification
EASy Installer = Menu Guided Installation

 Pre-Installation Config +
 Pre-Installation Exec MyPackage.tar
 Environment Variables
Router# easy-installer tftp://10.1.1.1/mypackage.tar flash:/easy
 Configuration
-----------------------------------------------------------------
 Files Configure and Install EASy Package ‘mypackage-1.03'
 Post-Requisite Verification -----------------------------------------------------------------
1. Display Package Description
 Post-Installation Config 2. Configure Package Parameters
 Post-Installation Exec 3. Deploy Package Policies
4. Exit
 Uninstall
Enter option: 2
See: http://www.cisco.com/go/easy
EASy Package guide: http://tools.cisco.com/squish/cEAe3
For Your
Embedded Automation Systems (EASy) Reference

1. Browse and Download EASy Packages


www.cisco.com/go/easy

2. Make Sure to also download EASy Installer

3. Browse Other Embedded Automations


www.cisco.com/go/ciscobeyond

4. Learn About The Technology Under The Hood


www.cisco.com/go/instrumentation
www.cisco.com/go/eem
www.cisco.com/go/pec

5. Discuss, Ask Questions, Suggest Answers


supportforums.cisco.com
supportforums.cisco.mobi

6. Upload your own Examples to CiscoBeyond


www.cisco.com/go/ciscobeyond

7. Engage via [email protected]

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 19
Operational Network Automation
Business Operations

1 3 5

APIs and Agents


Domain
DomainControllers
Controllers c

6 7

ICT Operations
b
Virtual / Overlay Networks

Network
Survivability  Manageability  Automation

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 20
Operational Network Automation
Business Operations

1 3 5

APIs and Agents


Domain
DomainControllers
Controllers c

6 7

ICT Operations
b
Virtual / Overlay Networks

Network
Survivability  Manageability  Automation

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 21
Inflection: Business-Driven Network Automations …
Business Operations

1 2 3 5

APIs and Agents


Domain
DomainControllers
Controllers c

6 7

ICT Operations
b
Virtual / Overlay Networks

Network
Survivability  Manageability  Automation

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 22
Inflection: Business-Driven Network Automations …
Business Operations

1 2 3 5

APIs and Agents


Domain
DomainControllers
Controllers c

6 7

ICT Operations
b
Virtual / Overlay Networks

Network
Survivability  Manageability  Automation

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 23
Self-Service for Human Users
Business Operations

1 3

Wireless Controller(s) (WLC, etc, …)

ICT Operations
b
Virtual / Overlay Networks

Network
Survivability  Manageability  Automation

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 24
Self-Service for Human Users
Business Operations

1 3 Operations
(FCAPS)

Wireless Controller(s) (WLC, etc, …) c

ICT Operations
b
Virtual / Overlay Networks

Network
Survivability  Manageability  Automation

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 25
Self-Service for Human Users
Business Operations

1 3 Operations
(FCAPS)

Wireless Controller(s) (WLC, etc, …) c

Resource
6 Allocation 7

ICT Operations
b
Virtual / Overlay Networks

Network
Survivability  Manageability  Automation

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 26
Self-Service for Human Users
Business Operations

1 3 5 Services
Operations
(Location, Guestnet, Onboarding, …)
(FCAPS)

Wireless Controller(s) (WLC, etc, …) c

Resource
6 Allocation 7

ICT Operations
b
Virtual / Overlay Networks

Network
Survivability  Manageability  Automation

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 27
Self-Service for Human Users
Business Operations

1 3 5 Services
Operations
(Location, Guestnet, Onboarding, …)
(FCAPS)

Wireless Controller(s) (WLC, etc, …) c

Resource
6 Allocation 7

ICT Operations
b
Virtual / Overlay Networks

Network
Survivability  Manageability  Automation

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 28
Inflection: Network Programming
Business Operations

1 2 3 5
APIs and Agents
Domain
DomainControllers
Controllers c

6 7

ICT Operations
Virtual / Overlay Networks b

Network
Survivability  Manageability  Automation  Autonomy

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 29
Inflection: Network Programming
Business Operations

1 2 3 5
APIs and Agents
Domain
DomainControllers
Controllers c

What if the ‘User’ is a Software App?


6 7

ICT Operations
Virtual / Overlay Networks b

Network
Survivability  Manageability  Automation  Autonomy

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 30
Cisco ONE Platform Kit (onePK)

YOUR Network Programming


C, JAVA Program
Applications Environment to:
• Innovate API Presentation

• Extend
onePK
• Automate onePK IPC Channel
• Customize
API Infrastructure
• Enhance
Any Cisco • Modify ASR
Router or Catalyst Nexus
ISR
Switch

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 31
Cisco ONE Platform Kit (onePK)
Service Set Description Version v.6.0.5 EFT 2012/2013
onePK Provides
Data Path Provides packet delivery service to application: Copy, Punt, Inject
Provides filtering (NBAR, ACL), classification (Class-maps, Policy-
• Abstractions (Service Sets) Policy maps), actions (Marking, Policing, Queuing, Copy, Punt) and applying
policies to interfaces on network elements
Routing Read RIB routes, add/remove routes, receive RIB notifications
• Programmatic Interfaces (C, Java, (REST) …) Element
Get element properties, CPU/memory statistics, network interfaces,
element and interface events
Discovery L3 topology and local service discovery
• Software Development Kit (SDK) Utility
Syslog events notification, Path tracing capabilities (ingress/egress
and interface stats, next-hop info, etc.)
Debug capability, CLI extension which allows application to
Developer extend/integrate application’s CLIs with network element

Anatomy of a onePK Application


• Software Application (currently C and Java)

• Interfaces and Abstractions (Service Sets)

• Communication Bus (Thrift IDL)

• Connected-Apps Agent in Network OS

• Network OS Features and Embedded Automations Write once run anywhere


© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 32
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
CPU, Memory, Platform, Serial #, Versions,
System
Uptime, Location, OIR, CLI Changes
Element

Port, Slot, BW, MTU, TX/RX, BPS, PPS, Errors, YOUR


Interfaces Applications
Other Stats, Config, Link Changes

CDP, Topology Graph, Edges, Nodes,


Discovery
Topology Changes

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 34
System Location
Element

YOUR
Interfaces IP address, MTU, Clear Stats, Shut/No Shut Applications

Discovery Filters

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 35
char *str = NULL;
onep_element_connect(elemA, user, pwd, NULL, &sh);
onep_element_get_property(elemA, &property);
if (property) {
onep_element_to_string(elemA, &str);
if (str) {
fprintf(stderr, "\nElement Info: %s\n", str);
free(str);
}
}

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 36
Monitor Memory Usage
• Problem: What if we need to dynamically investigate further upon a resource symptom ?

• Solution: Use the integration of EEM + ERM to trigger an EEM event when processor
memory is greater than 80%

resource policy
policy critmem global
system
memory processor
critical rising 80
interval 5
user global critmem

event manager applet totmemcheck


event resource policy critmem
action 100 mail server “<server>” to “<to>” from “<from>” subject
“Warning: proc memory spike”

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 37
Real-World
Example

A Network “Top”

• Use onePK to build a live process monitor


similar to UNIX top
• The same app can connect to multiple
devices to display the top processes across
the entire network

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 38
Routing RIB, Next-Hop, metric, AD, scope (VRF), Changes

YOUR
QoS Configured Classes Applications
Policy

Security Configured ACLs

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 39
Routing Static routes

YOUR
QoS Service-Policies (Police, Mark, Shape, Queue) Applications
Policy

Security ACLs

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 40
• Getting Routes

• Setting Routes

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 41
Example: Routing for Dollars / CO2 / Tulips /…

Setup
• EIGRP

• Routing Topology

• No External Metrics

• No External Algorithm

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 42
Example: Routing for Dollars / CO2 / Tulips /…

Application Routes
• EIGRP

• onePK

• External Metrics

• External Algorithm

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 43
Example: Routing for Dollars / CO2 / Tulips /…

router ospf 1
redistribute application <app name> ...
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 44
Example: Routing for Dollars / CO2 / Tulips /…
Statistics and Metrics
• Code Metrics Framework makes it easy to
modify code and change business
‒ Total lines of code: 4700 (JAVA) logic.
‒ 40% SWING GUI
‒ 20% Dijkstra’s algorithm, lowest cost path determination
‒ 25% Housekeeping: Node and link database
‒ 15% Calls to onePK infrastructure + error checking
• Code increase to add “Latency based routing” on top of “Routing for Dollars”
‒ 100 lines of code Modular java code makes it easy
to deploy on multiple clients.

• Modular code base written in Java has allowed us to port this to mobility client.

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 45
Example: Routing for Dollars / CO2 / Tulips /…
Recent Extensions

Path determination
based on lowest latency

Latency information fed Port to mobility


into app through IPSLA client

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 46
YOUR
Applications
Data Plane Copy or Punt Packets

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 47
YOUR
Applications
Data Plane Inject New or Modified Packets

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 48
TRY(rc, onep_dpss_register_for_packets(
ne1,
dpss,
targ_left, Defines traffic of interest
interesting_class,
ONEP_DPSS_ACTION_PUNT, Action to take on
interesting traffic
encrypt_callback,
(void *)intf_left, Where traffic goes next
&reg_handle), "Register for packets");

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 49
Real-World
Example

Problem: We need to custom encrypt packets of a specific application traffic flow


Solution: Use onePK to punt, encrypt and reinject the relevant packets
1
telnet
1. Policy APIs on ingress router are set to onePK application
punt telnet and syslog to app http encrypt
2. App encrypts punted traffic and re- 2

encrypt
http
injects into data path. Unsecure
5 Network
3. Policy APIs on egress router punt telnet 3
and syslog to app encrypt
4. App decrypts punted traffic and re- http onePK application
injects into data path. telnet telnet
5. Traffic that does not match policy 4
passes through unencrypted.

50
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect
5
What Client Sees What Wireshark Sees

51
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect
5
Request + Filter
Examples:
- Getting 50’000 ACLs Block Result 1 iterative
from an Element Iterator
Iterations ...

Examples: Subscribe + Filter


Publish
- Syslog Messages Event Notification
- RIB Changes
Handler Subscribe
Event

Examples: Call Request


- Setting 50’000 ACLs
Callback
on an Element Callback Function
Response

Examples:
- Get Element Version
- Set Interface Address
Call / Return synchronous

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 52
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 53
Portfolio of API, Languages and Abstractions
Network Programming with onePK and Embedded Network Automation

Native Advanced
Higher-Level
Network OS Network OS Object Oriented
Structured API Abstractions /
Embedded Embedded API
Interfaces
Automation Scripting

Event-/Expression- MIB, Tcl, Python, Embedded onePK C onePK Java onePK Libraries
PfR, IPSLA Thresholds, Event Manager, EASy, REST, XMPP, Design
Embedded Event … Patterns, OMNI
Manager Applets, … Controllers, …

Network Automation – Embedded Automations

Choice and Flexibility of Implementation


© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 54
For Your
Cisco ONE – Current Key Components … Reference

Business Operations

1 2 3 4 5
APIs and Agents
ONE Controller
Domain
DomainControllers
Controllers
Open Daylight Controller c

6 7

ICT Operations
APIs and Agents
onePK
Virtual / Overlay Networks b

Cisco Openstack Edition


Nexus 1000v CSR 1000v ASA 1000v VSG vWAAS ++

APIs and Agents


onePK Openflow
CloudConnectors onePK a
UCS-E Virtual Containers

Network
Survivability  Manageability  Automation  Autonomy

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 55
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
For Your
References – Programmable and Cloud-Intelligent Reference

• Cisco ONE – Open Network Environment: http://www.cisco.com/go/one

• Cisco onePK – ONE Platform Kit: http://www.cisco.com/go/onepk

• Cisco Developer Network: http://developer.cisco.com/web/onepk

• Cisco EASy – Embedded Automation Solutions: http://www.cisco.com/go/easy

• Cisco Scripting Community: www.cisco.com/go/ciscobeyond

• Cisco Cloud Connectors – Blog: http://blogs.cisco.com/borderless/the-network-is-the-path-to-accelerate-adoption-of-cloud-services/

• Cisco Cloud Connectors – Marketplace: https://marketplace.cisco.com/catalog/search?search[technology_category_ids]=938

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 57
For Your
Network Programming Hands-On Lab Reference

At CiscoLive: Join us for TECNMS-3601


Advanced Network Automation or
1. Walk up to the WISP Labs
2. Book a seat for:
- Network Automation – The Basics
- Network Automation – Intermediate
- Network Automation – Advanced
- Network Automation – Smart Call Home
- Network Programming – The Basics
- Network Programming – Intermediate
- Network Programming – Advanced

Partners via PEC (currently being updated):


1. Navigate to http://www.cisco.com/go/pec
2. Click on >Launch
%Network Automation%
3. Search for ‚%Network Programming%‘
4. Enjoy !
Network Automation Hands-On Lab – 3 Levels 3 – Network Automation: Advanced
Service Planning
Task 311 – EEM System Policies – Tune to Device’s EEM Capacity
2 – Network Automation: Intermediate Service Deployment
Service Planning Task 321 – Using Tcl Libraries in EEM Policies – Pure Tcl
Task 211 – Exporting Bulk Statistics Task 322 – Dynamically Configure from HTTP Input – Using a Pure Tcl Library
Task 222 – Exporting upon Periodical Time Windows Task 323 – Protect Your Intellectual Property – Signed Byte Code
Service Deployment Service Monitoring
Task 221 – Installing an EASy Package – Extensible HTTP Server Task 331 – Send Syslog Upon Route Change – EEM Routing Event Detector
Task 222 – Creating an EASy Package – Hello World Task 332 – Monitoring Resource Groups – Using ERM and EEM
Task 223 – Configure Your Network for a onePK Application Task 333 – Collecting Reliable Metrics – Using DCM, IP SLA and EEM
Task 224 – EASy Post-Deployment Manageability Verification Service Troubleshooting
Service Monitoring Task 341 – EEM Applet – Testing and Debugging EEM Policies
Task 231 – Monitoring Resources – Using ERM and EEM
Task 232 – Monitor Application Traffic using Flexible NetFlow - NBAR Integration
TBC Task 233 – Monitoring SLA – Using Cisco IOS Auto IPSLA (+ IPSLA ED)
Service Troubleshooting
Task 241 – Detecting Low-TTL Traffic
Task 242 – Capturing Packets – Using Embedded Packet Capture
Task 243 – Capturing Packets – Using the EASy EPC Package
Task 244 – Logging SNMP Traps – Using the EASy Trap Logger

1 – Network Automation: The Basics


Task 101 – Working with EEM Applets – Hello World
Task 102 – Working with EEM Tcl Policies – Hello World
Task 103 – Working with EEM – CLI Event Detector
Task 104 – Working with EEM – Regular Expressions
Task 105 – Simple Command Logging – EEM CLI Event Detector
Task 106 – Custom Interface Failover – using EEM, IPSLA, and Enhanced Object Tracking (EOT)
Task 107 – Editing ASCII Files in IOS
Task 108 – Using the IOS HTTP Client
Task 199 – Sneak Peek: onePK Custom Routing Application
Network Programming Hands-On Lab – 3 Levels

3 – Network Programming: Advanced


Task 491 – Simulating a Network – IOL and NETMAPs
Task 492 – Connecting to a Simulated Network – IOLTunnel
Task 611 – Introspection: Discover Service Sets supported

2 – Network Programming: Intermediate


Task 521 – Application Interaction with Custom CLI
Task 531 – Application Interaction with Embedded Event Manager

1 – Network Programming: The Basics


Task 511 – Sample App: Deploy and Run a onePK Application from Eclipse
Task 402 – Sample App: Routing for Dollars – Beyond Normal Routing Metrics
Task 411 – Compile and Run a onePK C Application using make
Task 412 – Compile and Run a onePK Java Application using mvn
Task 421 – Create your own C onePK application
Task 422 – Create your own Java onePK application
Master Class Network Programming and Automation
Sustainable Innovation and Differentiation with Cisco Embedded Automation and onePK
How can I successfully use Network Programming? What have other Customers and Partners done?

Step-by-step introduction and adoption strategies Real-Life Examples and Case Studies

Where do I start – can I do this? What are Cisco ONE and onePK anyhow?

Practical Examples and Hands-on Lab Illustration in the bigger SDN and Automation Context

Join us for the Network Programming Master Class Series


For Your
References – Instrumentation and Automation Reference

Device Manageability Instrumentation (DMI) www.cisco.com/go/instrumentation


 Embedded Event Manager (EEM): www.cisco.com/go/eem
 Cisco Beyond – EEM Community: www.cisco.com/go/ciscobeyond
 Embedded Menu Manager (EMM): http://tinyurl.com/emm-in-124t
 Embedded Packet Capture (EPC): www.cisco.com/go/epc
 Flexible NetFlow: www.cisco.com/go/netflow and www.cisco.com/go/fnf
 GOLD: http://www.cisco.com/en/US/products/ps7081/products_ios_protocol_group_home.html
 IPSLA (formerly SAA, formerly RTR): www.cisco.com/go/ipsla
 Network Analysis Module: http://www.cisco.com/go/nam
 Network Based Application Recognition (NBAR): www.cisco.com/go/nbar
 Security Device Manager (SDM): http://www.cisco.com/go/sdm
 Smart Call Home: www.cisco.com/go/smartcall
 Web Services Management Agents (WSMA): http://tinyurl.com/wsma-in-150M
 Cisco Configuration Engine (CCE): www.cisco.com/go/ciscoce

 Feature Navigator: www.cisco.com/go/fn


 MIB Locator: www.cisco.com/go/mibs
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 62
Network Programming and Automation
Sustainable Innovation and Differentiation with Cisco Embedded Automation and onePK

Network Programming in a Cisco Open Networking Environment …


… provides Choice and Flexibility of
- APIs and Abstractions
- Architectures
- Deployment Models
… closes the gap between Business Applications and Networks
… enables Operational Savings and New Opportunities
… puts YOU in control

What will YOU Program ?


Prosíme, ohodnoťte
tuto přednášku.

© 2011
2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect 64
Děkujeme za pozornost.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect 65

You might also like