Service containers on the ISR 4400
Wed 22nd Nov 11:00am - 11:40am

  • Slide Notes: The new ASR1K and 4451-X architecture allows us to deliver common applications in a variety of different ways. The same application can run at different performance levels inside the Linux host OS, on an internal Services Blade (NG-SRE), or on an external server. Applications connect to the network through a set of APIs that are common across Cisco platforms (Connected Apps or ONE-P Service Sets). Some Cisco applications will also have components living within the data plane in the network. These will have better performance and tighter integration in the network, with the application data plane integrated into the network data plane. Other portions of these applications can still exist in the same hosting options previously described.
    ETAB Questions:
    How compelling would it be to be able to run your own custom applications on future routers in a protected container?
    What applications (either Cisco, 3rd party, or your own) would you like to see on future routers?
    Would you buy an application to run on your router (in either the host OS or on a blade) from a 3rd party or a Cisco App-Store?
    Would you trust Cisco to protect the core router functionality enough to run additional applications in the router’s control plane?
    Does this answer change if it’s a Cisco app, 3rd party or your own custom application?
    If Cisco offered a consulting service to assist with the development of your own custom applications, would you use it?
    What support, if any, would you expect Cisco to provide for custom or 3rd party applications?
  • VM and Virtual Service are interchangeable terms for our purposes.
  • 2 flavors – KVM vs LXC: KVM has complete isolation. LXC is shared resources (and generally better performance).
  • Install it, configure it, start it, manage it…
  • Name of service is a tag that you choose. Disk is the media where the file is stored. Default is to store on harddisk (some platforms may not support other media for apps). This can take some time!
  • This just shows multiple things going on, but the config is for container-2. The other containers would need their own configs.
  • Sample of profiles
  • Once installed, then you need to activate to run the vm. The status is important. VirtPortgroup status tracks with the vm status.
  • Reference slide to show VM version and platform limits. Infra is vman version. What is committed and what is still available.
  • Details for a particular vm. Application version, reported by the app to the infra.
  • You can see the profiles for a particular vm, if they have implemented them. It shows what resources it will require as well in the detail option.
  • App console
  • Here’s how you see the host / infra log (vman_R0.log, known as the ‘vman log’). TOP entry is NEWEST.
  • Upgrade, if supported by the application itself. (Filesystem presented options to virt infra, not all applicable for upgrades)
  • WAAS license is tied to the router, not the module. Expand/change on demand up to 2500 connections for one price. Sizing above assumes 10 connections per user.
    WAAS Express is great for bandwidth reduction and simple, small offices that don’t require advanced application acceleration.
    WAAS on SRE gives a customer a complete solution for Advanced Application Acceleration.
    WAAS on UCS-E gives the same benefit as SRE, with additional capacity, along with capacity for other hosted services.
    License list costs:
        New App License List  | Previous DATA List     | Delta Cost for WAAS | Previous cost for WAAS Express/Appliance | Savings
        SL-19-AX-K9= $700     | SL-19-DATA-K9= $600    | $100                | $1,000 / NA                              | $900 / router
        SL-29-AX-K9= $1,000   | SL-29-DATA-K9= $700    | $300                | $2,000 / $15,500                         | $1,700 - $15,200 / router
        SL-39-AX-K9= $2,000   | SL-39-DATA-K9= $1,000  | $1,000              | $2,500 / $22,000                         | $1,500 - $21,000 / router
    To use WAAS Express: Select Maximum Memory when ordering.
    To use WAAS on SRE: Select SRE 910 Module when ordering.
    To use WAAS on UCS-E: Add UCS-E module to ISR-AX order with sufficient CPU/Disk/Memory to run vWAAS 1300/2500.

Service containers on the ISR 4400 Presentation Transcript

  • 1. An Introduction to Service Containers © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
  • 2. Traditional Network Services (diagram labels: Traditional Features; Cisco Network Operating System; Feature)
  • 3. What’s happening in the server world. (Diagram labels: Physical Server; Feature or Application; Container; Physical Server or “Cloud”)
  • 4. Future Service Delivery: Write once. Run anywhere. (Diagram labels: Service Container; End-Point Hosting; Blade Hosting with Hypervisor; External Server; Cisco Network Operating System; Container; Blade; Feature or Application)
  • 5. What is a Service Container? Service Containers use virtualization technology to provide a hosting environment on Cisco routers & switches for applications which may be developed and released independent of platform release cycles.
  • 6. Use Cases for Service Containers: virtualized environment on a Cisco device.
    Use Case, Cisco Virtual Services:
      • Work/Appliance Consolidation
      • Example: ISR-WAAS on ISR4451-X
    Use Case, Cisco Agents:
      • Integral Router Features with decoupled release cycles
      • Example: RESTful API in the CSR1000v
    Use Case, Signed Third Party Services:
      • Container Hosted OnePK Applications
    (Diagram labels: Service Containers; Network OS; Container; Virtual Service)
  • 7. Where is this happening?
    Catalyst 4500 Sup 7E
      • Wireshark and future services
    ISR4451-X
      • WAAS and future services
    Cloud Services Router 1000v
      • REST API for automated deployment
    Nexus 3000, 5000, 6000 & 7000
      • 3rd Party Embedded Services
  • 9. OnePK: Evolving How We Interact With the Network Operating System (diagram labels: Traditional Approach; New Paradigm: Anything you can think of; IOS; CLI; SNMP; HTML; XML; AAA; CDP; Syslog; Netflow; Routing Protocols; Span; EEM (TCL); Monitoring; Interface; Policy; Discovery; Routing; Data Plane; Actions; Events; App; C; Java; Python)
  • 10. Introducing One Platform Kit - onePK. Applications That YOU Create. Flexible development environment to:
      • Innovate
      • Extend
      • Automate
      • Customize
      • Enhance
      • Modify
    Any Cisco Router or Switch
  • 11. Future Service Delivery: Write once. Run anywhere. (Diagram labels: Feature or Application; onePK Interface; End-Point Hosting; Blade Hosting; External Server; Service Container; Cisco Network Operating System; Container; Blade)
  • 13. Example Architecture: ISR4451-X (diagram labels: IOSd Control Plane; Future Cisco Embedded Network Services; ISR-WAAS; Linux OS; Common API (onePK); Platform Specific Data Plane; AppNav; AVC; Other Data Plane Features; onePK Internal Services Blade (UCS E-Series); onePK External Services Blade (UCS))
  • 14. ISR 4451-X Block Diagram
    Control Plane (1 core) & Services Plane (3 cores): Service Containers Live Here
    Data Plane (10 cores)
    Multi Gigabit Fabric
    (Other diagram labels: FPGE; ISC; SM-X; SM-X; NIM)
  • 15. Terminology
    Virtual-Service: This refers to the container service configuration object. It is sometimes also called the Virtual Machine (VM) or the container.
    Host: The IOS-XE, NXOS system software.
    Guest: An instance of the foreign software being hosted. It is sometimes referred to as the application.
    OVA: The software package provided by the application writer which contains the application and metafiles used to create the hosting environment. (Open Virtualization Archive)
    Distribution: The complete set of software provided by the application development team.
    KVM: Kernel Virtual Machine
    LXC: Linux Container
  • 16. Service Container Technologies
    KVM
    Description: KVM is a virtual machine emulation of the underlying hardware. KVM runs as a Type 2 hypervisor on IOS-XE. IOS/VMAN provide VM management services.
    Characteristics:
      • Isolates Guest Operating System from Host OS
      • Takes advantage of CPU hardware extensions found on server-class processors (e.g., Intel’s VT-x technology)
      • Provides the highest level of guest/host isolation.
    Stack (diagram): Application; Guest Root File System; Guest OS Kernel; IOS & Host Service; Host OS (Linux Root File System); Host OS (Linux Kernel); Hardware Resource
    LXC
    Description: This is an operating system virtualization technology (not a hypervisor) that shares the host kernel with the guest but provides isolation through namespace extensions to the Linux kernel.
    Characteristics:
      • Native Performance, no device emulation or CPU specific requirements
      • Support across Processor Architectures (MIPS, PPC, Intel)
      • More easily allows sharing of host services/libraries into guest
      • Host has direct visibility into resource usage and contention
      • Guest applications run on the same OS kernel and thus there’s less isolation and fault separation
    Stack (diagram): Application; Guest Root File System; IOS & Host Service; Host OS (Linux Root File System); Host OS (Linux Kernel); Hardware Resource
  • 17. Application Signing (diagram labels: Platforms with Service Containers; Cisco Application Signature; Cisco and 3rd Party Applications; Trusted Application Signatures)
      • Trust Level Defined per platform
      • Some platforms might allow unsigned applications
      • Applied to identify trusted applications
      • Securely signed and identified Service Container OVA
      • Submitted to Cisco Developer Network for certification and signing
  • 18. Cisco Prime Infrastructure 2.0: Full Service Container Lifecycle Management. Automated Point-and-Click LifeCycle Management for Service Containers.
      • Point-and-Click deployment of Service Containers
      • Automated and scheduled provisioning
      • Simplified Templates and Configuration Advice
      • Full Life-Cycle Management
      • Role-Based Access
      • Support for a wide range of Service Container Types
      • Automated management for Containers across the network
  • 19. Virtual Service Deployment Workflow: Hosted Service Deployment Model
    Install Service (package):
        router#virtual-service install name <app_name> package <file_uri>
    Configure Service:
        router#interface VirtualPortGroup1
         ip address 3.3.3.1 255.255.255.0
        router#virtual-service <app-name>
         interface virtualPortGroup1
         ip address 3.3.3.2
         profile app-model-1
    Start Service:
        router#virtual-service <app-name> activate
    Monitor Service:
        router#show virtual-service global
        router#show virtual-service list
        router#show virtual-service detail name <app-name>
        router#show virtual-service utilization name <app-name>
    Manage Service:
        router#show virtual-service connect
        router#show log
        router#copy core
    Upgrade Service (Host Initiated):
        router#virtual-service upgrade name <app_name> package <file_uri>
    Un-Install Service:
        router#virtual-service uninstall name <app_name>
  • 20. Install Virtual Service Software Package
        router#virtual-service install name WAAS package harddisk:ISR4451X-WAAS5.2.0-b27.ova [media harddisk:]
        Package "harddisk:/ISR4451X-WAAS-5.2.0-b27.ova" is currently being installed for virtual service "WAAS". Once the install is finished, please activate the VM to run the VM.
        router#
        Feb 14 19:37:09.886: %VIRT_SERVICE-5-INSTALL_STATE: Successfully installed virtual service WAAS
        router#
    Install command specifies the following…
      • User selected name of virtual service
      • Location of the OVA package file
      • [optional] destination media
          • On ASR1K and ISR4451-X platforms we support installation to harddisk only.
  • 21. Configure Virtual Service
        virtual-service Container-2
         interface VirtualPortGroup1
         interface VirtualPortGroup2
        !
        interface VirtualPortGroup1
         ip address 10.10.10.1 255.255.255.0
         load-interval 30
        !
        interface VirtualPortGroup2
         ip address 10.10.20.1 255.255.255.0
    (Diagram: br0 (subnet 10.10.10.x) connects interface VirtualPortGroup1 ip address 10.10.10.1, Container-2 10.10.10.2 and Container-1 10.10.10.3; br1 (subnet 10.10.20.x) connects interface VirtualPortGroup2 ip address 10.10.20.1, Container-2 10.10.20.2, Container-3 10.10.20.3 and Container-4 10.10.20.4)
  • 22. Configure Virtual Service (Profiles)
        router(config)#virtual-service WAAS
        router(config-virt-serv)#profile ?
          ISR-WAAS-1300  ISR-WAAS profile for 1300 TCP connections
          ISR-WAAS-2500  ISR-WAAS profile for 2500 TCP connections
          ISR-WAAS-750   ISR WAAS profile for 750 TCP connections
    Example: ISR-WAAS Profiles
        Profile Name   | Description                       | CPU | Memory | DRE Disk
        ISR-WAAS-750   | WAAS Profile for 750 connections  | 25% | 4G     | 150G
        ISR-WAAS-1300  | WAAS Profile for 1300 connections | 50% | 6G     | 150G
        ISR-WAAS-2500  | WAAS Profile for 2500 connections | 75% | 8G     | 350G
  • 23. Activate Virtual Service
        router#show virtual-service list
        Virtual Service List:
        Name                    Status             Package Name
        ------------------------------------------------------------------
        WAAS                    Installed          ISR4451X-WAAS-5.2.0-b...

        router(config)#virtual-service waas
        router(config-virt-serv)#activate
        router(config-virt-serv)#end
        router#
        Feb 14 19:53:02.070: %VIRT_SERVICE-5-ACTIVATION_STATE: Successfully activated virtual service WAAS
        Feb 14 19:53:04.069: %LINK-3-UPDOWN: Interface VirtualPortGroup3, changed state to up
        Feb 14 19:53:05.070: %LINEPROTO-5-UPDOWN: Line protocol on Interface VirtualPortGroup3, changed state to up

        router#show virtual-service list
        Virtual Service List:
        Name                    Status             Package Name
        ------------------------------------------------------------------
        WAAS                    Activated          ISR4451X-WAAS-5.2.0-b...
  • 24. Show Virtual Service: Global Information
        router#show virtual-service
        Virtual Service Global State and Virtualization Limits:

        Infrastructure version : 1.2
        Total virtual services installed : 3
        Total virtual services activated : 2

        Maximum memory for virtualization : 10240 MB
        Maximum HDD storage for virtualization : 381536 MB
        Maximum bootflash storage for virtualization : 7107 MB
        Maximum system CPU : 75%
        Maximum VCPUs per virtual service : 6

        Committed memory : 6144 MB
        Committed disk storage : 182939 MB
        Committed system CPU : 25%

        Available memory : 4096 MB
        Available disk storage : 202236 MB
        Available system CPU : 50%

        Machine types supported : KVM, LXC
        Machine types disabled : none
  • 25. Show Virtual Service: Detail
      • Provides detailed view of Guest machine resources (verbose)
        router#show virtual-service detail name WAAS
        Virtual Service WAAS Detail:
          Package metadata:
            Package name : ISR4451X-WAAS-5.2.0-b2.ova
            Application name : ISR-WAAS
            Application version : 1.0
            Application description : WAAS
            Certificate type : N/A
            Signing method : SHA512
            Licensing name : ISR-WAAS
            Licensing version : 1.0
            OVA path : /vol/harddisk/ISR4451X-WAAS-5.2.0-b2.ova
          State : Activated
          Detailed guest status :
            Version: oe-vwaas-5.2.0.2
            The system has been up for 2 days, 23 hours, 35 minutes, 22 seconds.
            Interception-method: appnav-controller
            Current Service Node state : Operational
            Time Service Node entered current state : Mon Feb 11 20:25:07 2013
            System State: Running
        <snip>
  • 26. Show Virtual Service Profiles
        router#show virtual-service profile name WAAS
        Virtual Service WAAS profiles:
        Name            Description                                  Allowed
        ----------------------------------------------------------------------------------
        ISR-WAAS-2500   ISR-WAAS profile for 2500 TCP connections    Yes
        ISR-WAAS-1300   ISR-WAAS profile for 1300 TCP connections    Yes
        ISR-WAAS-750    ISR WAAS profile for 750 TCP connections     Yes

        router#show virtual-service profile name WAAS detail
        Virtual Service WAAS Profile Details:
          Profile name : ISR-WAAS-2500
          Description : ISR-WAAS profile for 2500 TCP connections
          License name : ISR-WAAS
          License version : 1.0
          Resource admission : No
          Resource requirements :
            Disk space : 360879MB
            Memory : 8192MB
            CPU : 75% system CPU
            VCPUs : 6 (sockets:1 cores:6 threads:1)
        <SNIP>
  • 27. Connect to Virtual Service
        router#virtual-service connect name WAAS console
        Connected to appliance. Exit using ^c^c^c

        Cisco Wide Area Application Engine Console

        Username:
  • 28. Show Virtual Service Log
        router#show platform software trace message virt-manager rp active
        02/14 19:16:13.370 [vman]: (debug): Request content
        02/14 19:16:01.337 [vman]: (debug): Finished continuation of show_trace_msg_request
        02/14 19:16:01.334 [vman]: (debug): Request content
        02/14 19:16:01.334 [vman]: (debug): Continuing show_trace_msg_request
        02/14 19:16:01.334 [vman]: (debug): Finished continuation of show_trace_msg_request
        02/14 19:16:01.334 [vman]: (debug): Application registered continuation for show_trace_msg_request
        02/14 19:16:01.334 [vman]: (debug): Registering show_trace_msg_request for continuation
        02/14 19:16:01.334 [vman]: (debug): Request content
  • 29. Upgrade Virtual Service
        router#virtual-service upgrade name waas package ?
          bootflash:  Appliance package
          cns:        Appliance package
          flash:      Appliance package
          harddisk:   Appliance package
          null:       Appliance package
          nvram:      Appliance package
          system:     Appliance package
          tar:        Appliance package
          tmpsys:     Appliance package
        router#virtual-service upgrade name waas package harddisk:ISR4451X-WAAS-5.2.0-b2.ova
  • 30. Un-install Virtual Service
        router#virtual-service uninstall name WAAS
        router#
        Feb 14 19:34:29.765: %VIRT_SERVICE-5-INSTALL_STATE: Successfully uninstalled virtual service WAAS
        router#
  • 31.
      • ISR-WAAS Simplified Deployment
      • REST API for automated CSR1000v deployment
      • Nexus 3k, 5k, 6k & 7k support for open containers
  • 32. Key Benefits with ISR4451-X ISR-WAAS: “All in a box – simple to deploy”. FULL FEATURED WAAS ACCELERATOR INSIDE.
    Native
      • Tighter Integration
      • Service aware data plane – AppNav
      • Dedicated Resources
    Simple
      • 3 steps to setup within 10 minutes
    Scalable
      • Up to 2500 connections, 150Mbps optimized WAN
      • Embedded AppNav to expand w/ WAAS on UCS-E or externally
  • 33. Step 1: Choose WAAS Profile
        Router# service waas enable
  • 34. Step 2: Choose WAN Interface
  • 35. Step 3: Verify and Activate
  • 36. Cisco IOS Software in Virtual Form-Factor: CSR 1000V
      • Selected Features of IOS XE primarily for Cloud Use Cases
      • Server, Switch, Multi-Hypervisor (ESXi, KVM, Xen)
      • Small Footprint (reducing from 4 vCPU to 1), Low Performance
      • Elastic Capacity (10 Mbps and up Throughput, 2 to 8 GB RAM)
      • RESTful APIs (leverages OnePK) for Automated Management
    Enterprise-class Networking with Rapid Deployment and Flexibility
    (Diagram labels: App; OS; VPC/vDC; Hypervisor; Virtual Switch; Physical Server)
  • 37. Example: RESTful API for CSR1000v (diagram labels: REST API Web Interface written in Python; LXC Service Container; onePK API Infrastructure; IOS XE)
  • 38. Nexus OS Open Container Architecture (diagram labels: User/3rd Party C, JAVA, Python Program; User/3rd Party C, JAVA, Python Program; Open LXC Service Containers; onePK API Infrastructure; NXOS (Nexus Platforms))
  • 39. What to Look For in the Future
    Flexible Services from Cisco
      • Virtual Services: Write once and run in many locations.
      • Parity Across Devices: Identical features and feel on appliances, virtual devices and service containers.
      • Simplified Install: Management tools and installation scripts to make working with services easier.
    Additional Options for 3rd Party Services
      • Partner Applications: Applications from third parties tested and certified by Cisco.
      • Customer Applications: More options per-platform for un-signed applications.
      • Development Assistance: Application Development Kits and assistance available as a service.
    More Install Options
      • Platforms: More platforms being introduced with support for service containers.
      • Modules: Modules in several platforms that can run the same service containers.
      • Development Servers: Service Container support within dedicated servers.
    Consistent, Powerful and Portable Network Applications
  • 40. Thank you.
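Slides 17 and 25 describe application signing and the package metadata that `show virtual-service detail` reports for an installed OVA. The following is an added example, not code from the presentation or from Cisco: it parses that output and reports drift against a baseline an operator recorded at install time. The function names and the baseline values are assumptions made for illustration.

```python
import re

# Constructed sample: the "Package metadata" block as shown on slide 25.
SAMPLE_DETAIL = """\
Virtual Service WAAS Detail:
  Package metadata:
    Package name            : ISR4451X-WAAS-5.2.0-b2.ova
    Application name        : ISR-WAAS
    Application version     : 1.0
    Application description : WAAS
    Certificate type        : N/A
    Signing method          : SHA512
    Licensing name          : ISR-WAAS
    Licensing version       : 1.0
    OVA path                : /vol/harddisk/ISR4451X-WAAS-5.2.0-b2.ova
  State                     : Activated
"""

# Constructed baseline (assumption): what the operator recorded when the
# package from slide 20 (build b27) was installed.
BASELINE = {
    "Package name": "ISR4451X-WAAS-5.2.0-b27.ova",
    "Application name": "ISR-WAAS",
    "Application version": "1.0",
    "Certificate type": "N/A",
    "Signing method": "SHA512",
    "OVA path": "/vol/harddisk/ISR4451X-WAAS-5.2.0-b27.ova",
}

# Fields that identify which package is hosted and how it was signed.
TRACKED = ("Package name", "Application name", "Application version",
           "Certificate type", "Signing method", "OVA path")


def parse_detail(text):
    """Return (service_name, {field: value}) from the detail output."""
    name, fields = None, {}
    for line in text.splitlines():
        header = re.match(r"\s*Virtual Service (\S+) Detail:", line)
        if header:
            name = header.group(1)
            continue
        # Split on the first " : " only, so values may themselves contain ':'.
        key, sep, value = line.partition(" : ")
        if sep:
            fields.setdefault(key.strip(), value.strip())
    return name, fields


def drift(fields, baseline):
    """List every tracked field that is missing or differs from the baseline."""
    findings = []
    for key in TRACKED:
        want, got = baseline.get(key), fields.get(key)
        if got is None:
            findings.append(f"{key}: missing from device output")
        elif want is None:
            findings.append(f"{key}: no baseline recorded (device reports {got!r})")
        elif got != want:
            findings.append(f"{key}: baseline {want!r}, device reports {got!r}")
    return findings


if __name__ == "__main__":
    service, meta = parse_detail(SAMPLE_DETAIL)
    for finding in drift(meta, BASELINE):
        print(f"{service}: {finding}")
```

With the constructed baseline, the report lists the package name and OVA path, because the detail output shows build b2 while the install slide used b27.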
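The install, activate and uninstall slides (20, 23 and 30) each show a `%VIRT_SERVICE-5-...` syslog message. As an added example (not part of the presentation), this sketch reviews collected syslog for those lifecycle messages and alerts on services that are not on an approved list or on approved services being removed. The approved list, the case-insensitive name match, the alert policy and the two `probe` log lines are assumptions constructed for the example.

```python
import re

# The first four lines are the messages shown on slides 30, 20 and 23;
# the two "probe" lines are constructed to exercise the unapproved path.
SAMPLE_LOG = """\
Feb 14 19:34:29.765: %VIRT_SERVICE-5-INSTALL_STATE: Successfully uninstalled virtual service WAAS
Feb 14 19:37:09.886: %VIRT_SERVICE-5-INSTALL_STATE: Successfully installed virtual service WAAS
Feb 14 19:53:02.070: %VIRT_SERVICE-5-ACTIVATION_STATE: Successfully activated virtual service WAAS
Feb 14 19:53:04.069: %LINK-3-UPDOWN: Interface VirtualPortGroup3, changed state to up
Feb 14 20:10:11.000: %VIRT_SERVICE-5-INSTALL_STATE: Successfully installed virtual service probe
Feb 14 20:10:40.000: %VIRT_SERVICE-5-ACTIVATION_STATE: Successfully activated virtual service probe
"""

# Matches only the three message forms that appear in the presentation.
EVENT_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+ [\d:.]+): "
    r"%VIRT_SERVICE-\d-(?:INSTALL_STATE|ACTIVATION_STATE): "
    r"Successfully (?P<action>installed|uninstalled|activated) "
    r"virtual service (?P<name>\S+)"
)


def review(lines, approved):
    """Return (alerts, last_state) for virtual-service lifecycle messages.

    alerts     -- list of (timestamp, service, action, reason) tuples
    last_state -- {service: last action seen} in log order
    """
    # Assumption: names are compared case-insensitively, since the slides
    # configure "waas" while the log reports "WAAS".
    approved = {name.lower() for name in approved}
    alerts, last_state = [], {}
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue  # unrelated syslog, e.g. %LINK-3-UPDOWN
        ts, name, action = m["ts"], m["name"], m["action"]
        last_state[name] = action
        if name.lower() not in approved:
            alerts.append((ts, name, action, "service name not on approved list"))
        elif action == "uninstalled":
            alerts.append((ts, name, action, "approved service removed"))
    return alerts, last_state


if __name__ == "__main__":
    found, state = review(SAMPLE_LOG.splitlines(), approved={"WAAS"})
    for ts, name, action, reason in found:
        print(f"{ts}  {name:<6} {action:<12} {reason}")
    print(state)
```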