Cisco Automation with Puppet and onePK - PuppetConf 2013

"Cisco Automation with Puppet and onePK" by Jason Pfeifer Technical Marketing Engineer, Cisco.

Presentation Overview: This session will provide an overview of the Cisco-developed Puppet functionality for management and configuration of Cisco devices.

Speaker Bio: Jason is a Cisco Technical Marketing Engineer focusing on programmability and automation of Cisco network devices. He is currently supporting, discussing, evangelizing, and writing applications against Cisco's onePK SDK. He also has a long-term love affair with Cisco's Embedded Event Manager.

Transcript

  • 1. Cisco Automation with Puppet and onePK Jason Pfeifer Technical Marketing Engineer
  • 2. © 2013 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
    A Decade Ago … (... - 2000)
    Network Survivability → Manageability
    [Diagram labels: ICT, Operations]
    IT Services were:
      • Static
      • On premise
      • Best effort
      • Operated manually
      • Agreed between humans
  • 3. During a Decade: Operational Maturity Evolution (2000 - 2010)
    Network Survivability → Manageability
    [Diagram labels: ICT, Operations, Business Operations]
    Columns: Survivable | Managed | Operated
    Business Objective: Minimize Cost | OPEX Control | TCO/ROI Optimization
    Service Levels: Best Effort | Basic SLA | Tailored SLA
    Process: Everything ad-Hoc | Tasks and Procedures | Best Practice Models
    Round-trip: > days | > hours | > minutes
    People: Multi-Role Technology Hero | Tiered Domain Expert | Tiered Role and Domain Expert
    Technology: Point scripts and tools | Applications and point integrations | Layered OSS Architecture
    Typical Anecdotes: I run this Company
  • 4. Recently … (2000 - 2010 ...)
    Network Survivability → Manageability → Automation
    [Diagram labels: ICT, Operations, Virtual / Overlay Networks, Business Operations, Puppet]
    Business today requires:
      • Self-Service, On-Demand
      • On Premise, Remote, Hybrid Cloud
      • Wired/Wireless, BYOD
      • Tight SLA
      • Increasingly Automated
  • 5. Inflection: Business-Driven Network Automations …
    Network Survivability → Manageability → Automation
    [Diagram labels: ICT, Operations, Virtual / Overlay Networks, Business Operations, Domain Controllers, APIs and Agents]
  • 6. Inflection: Network Programming
    Network Survivability → Manageability → Automation → Autonomy
    [Diagram labels: ICT, Operations, Virtual / Overlay Networks, Business Operations, Domain Controllers, APIs and Agents]
    What if the ‘User’ is a Software App?
  • 7. I Want To Program My Network Because I Want…
    Themes: Simplified Operations; New Business Opportunities; Enhanced Agility
      • “A platform for developing new control planes”
      • “An open solution for VM mobility in the Data-Center”
      • “A means to do traffic engineering without MPLS”
      • “A way to scale my firewalls and load balancers”
      • “A solution to build a very large scale layer-2 network”
      • “A way to build my own security/encryption solution”
      • “A way to reduce the CAPEX of my network and leverage commodity switches”
      • “A way to optimize broadcast TV delivery by optimizing cache placement and cache selection”
      • “A means to scale my fixed/mobile gateways and optimize their placement”
      • “A solution to build virtual topologies with optimum multicast forwarding behavior”
      • “A means to get assured quality of experience for my cloud service offerings”
      • “A way to distribute policy/intent, e.g. for DDoS prevention, in the network”
      • “A way to configure my entire network as a whole rather than individual devices”
      • “A solution to get a global view of the network – topology and state”
      • “Develop solutions at software speeds: I don’t want to work with my network vendor or go through lengthy standardization.”
  • 8. Evolving Network Operating System Interaction
    [Diagram panels: Traditional Approach, New Paradigm]
    [Diagram labels: App; C, Java, Python, Ruby; Network OS; Events; App; EEM (TCL); Actions; Routing; Data Plane; Policy; Interface; Monitoring; Discovery; CLI; AAA; SNMP; HTML; XML; Syslog; Span; Netflow; CDP; Routing Protocols; Anything you can think of]
  • 9. Cisco ONE Platform Kit (onePK)
    [Diagram labels: Router/Switch; YOUR Applications; onePK Program; API Presentation; API Infrastructure; Catalyst, Nexus, ASR, ISR; onePK IPC Channel]
    Network Programming Environment to:
      • Innovate
      • Extend
      • Automate
      • Customize
      • Enhance
      • Modify
  • 10. Where Do onePK Applications Run?
    Choose the Hosting Model that Suits Your Platform and Your Application
    On An External Server (“End-Node”)
      • Plentiful memory/compute
      • Higher latency and delay
      • Supported by all platforms
    On A Hardware Blade (“Blade”)
      • Dedicated memory/compute
      • Low latency and delay
      • Requires modular hardware blade
    On the Router (“Process”)
      • Shared memory/compute
      • Very low latency and delay
      • Requires modular software architecture
    Callout: Perfect for Puppet Agent
  • 11. onePK Architecture
    [Diagram layers, top to bottom:]
      • C, Java, Python (Ruby) Program
      • onePK API Presentation
      • onePK API Infrastructure
      • IOS / XE (Catalyst, ISR, ASR1K); NXOS (Nexus Platforms); IOS XR (ASR 9K, CRS)
  • 12. onePK APIs are Grouped in Service Sets
    Base Service Set | Description
    Data Path | Provides packet delivery service to application: Copy, Punt, Inject
    Policy | Provides filtering (NBAR, ACL), classification (Class-maps, Policy-maps), actions (Marking, Policing, Queuing, Copy, Punt) and applying policies to interfaces on network elements
    Routing | Read RIB routes, add/remove routes, receive RIB notifications
    Element | Get element properties, CPU/memory statistics, network interfaces, element and interface events
    Discovery | L3 topology and local service discovery
    Utility | Syslog events notification, Path tracing capabilities (ingress/egress and interface stats, next-hop info, etc.)
    Developer | Debug capability, CLI extension which allows application to extend/integrate application’s CLIs with network element
    Callout: Used by onePK Puppet Agent
  • 13. Agent Model Applications
    Agent application resides on NE, utilizes onePK API library.
    Controller typically has network wide view, agent has individual box view.
    Choices:
      • Agent/Controller communication methods
      • Where bulk of processing occurs
    [Diagram labels: Controller; Agent; Network Element; onePK]
    [Diagram examples: Path Computation (PCE, PCC, PCEP); Wireless LAN Control (WLC, AP, CAPWAP)]
  • 14. Security Five Ways
    Categories: App Security; Admin Security; Container Security; Runtime Security; Code Security
    Mechanisms: Digital Signing; Certification Process; CLI Control; Resource Allocation; Isolation; Resource Consumption; Code Isolation; Strong Typing; AAA (PKI); Encryption (TLS)
  • 15. The onePK Puppet Agent
  • 16. Network Element Resident Agent
    [Diagram labels: Puppet master; Puppet agent; Native Puppet agent; Puppet IPC; N3K; N7K]
  • 17. NXOS onePK Agent Architecture
    onePK provides manageability abstraction.
      – Avoids CLI scraping
      – Consistent across Cisco OSes
      – Exposes dynamic device state and configuration
    Linux Container
      – Runs distribution on OS kernel
      – Fitted with Cisco onePK libraries
      – Isolates application failures from Network Element
      – Flexibility for application developers
    [Diagram labels: Device Components; Management Agents; Manageability Abstraction; Device Management Infrastructure; OS-specific Management Infrastructure; XOS and Component APIs; Traditional Management Agents (CLI, syslog, SNMP, XML); Next Generation Management Agents (Puppet, ..); onePK PL; Transport/Marshaling; onePK AL; OS Shim; Linux Container]
  • 18. Puppet + onePK
    [Diagram labels: Master (onePK Module; Classify, Compile, Report); Nexus Switch (Container; onePK Infra; Puppet Agent; onePK API)]
    Flow:
      1. Request
      2. Reply
      3. Execute
      4. Report
  • 19. Zero Touch
    [Diagram labels: Default Gateway; N3K Switch; DHCP & file server; Puppet Master; ova; manifest]
      1. Boot & Start POAP
      2. Downloads image, base config and OVA file
      3. Starts Puppet Agent and begins talking to Master
      4. Applies configuration through onePK
  • 20. Puppet Types (Cisco): Cisco Device, Cisco Interface, Cisco VLAN

        class cisco_onep {
          $ciscodev = "testdemo"

          # Cisco Device: the network element being managed
          cisco_device { $ciscodev:
            #log   => debug,
            ensure => present,
          }

          # Cisco Interface: access port placed in VLAN 1001.
          # $element is not defined anywhere on the slide; it has to be set
          # outside this class for the manifest to compile.
          cisco_interface { 'Ethernet1/8':
            description => 'Configured with puppet',
            switchport  => access,
            access_vlan => 1001,
            element     => $element,
          }

          # Cisco VLAN (title quoted so that it is a string)
          cisco_vlan { '1001':
            ensure    => present,
            vlan_name => 'red',
            state     => active,
            element   => $element,
          }
        }
  • 21. onePK Puppet Agent CLI - Configuration
    Command | Description | Example
    Onep Application | Application-name | onep applications puppet
    Puppet | Version | puppet v0.8
    Master | Puppet Master IPv4/FQDN and Port | master bxb-oa-linux2.cisco.com port 8999
    VRF | VRF name | vrf management
    Cert-name | Certificate name: Support shared certificate and non-shared certificate | cert-name n3k-oa-3.cisco.com
    Environment | Environment (categorization) | environment bxb_oa_n3k_3
    Node-name | Node name | node-name facter
    Default-username | Device credentials | default-username lab password lab
    Run-interval | Run frequency | run-interval 180
    Domain-name | Domain name | domain-name cisco.com
    Splay | Pseudo random frequency add splay | splay splay-limit 60
    Activate | Activate daemon mode | activate
    Name-server | DNS | name-server 173.37.87.157
  • 22. onePK Puppet Agent CLI – Execution & Monitoring
    Command | Group | Description | Example
    Noop | Execute | Noop execution | execute onep application puppet v0.8 puppet_agent agent-noop
    Oneshot | Execute | One time execution | execute onep application puppet v0.8 puppet_agent agent-oneshot
    Ssl-all | Clear | Clear all certificates and private keys | clear onep application puppet v0.8 puppet_agent ssl-all
    Ssl-cert | Clear | Clear certificate | clear onep application puppet v0.8 puppet_agent ssl-cert
    Show Oper Data | Show | Show puppet agent config data (master (server) name, run interval, etc.) | show onep application puppet v0.8 puppet_to agent agent oper-data
    Show Last Exec Log | Show | Show log from most recent noop or oneshot mode run (exec mode run) | show onep application puppet v0.8 puppet_agent agent last-exec-log
    Show Run History | Show | Show logs from most recent daemon mode runs | show onep application puppet v0.8 puppet_agent agent run-history run-number 1
    Show Puppet Config | Show | Shows puppet agent –config print all | show onep application puppet v0.8 puppet_agent config
    Show Puppet Copyright | Show | Show Puppet Agent copyright | show onep application puppet v0.8 puppet_agent copyright
    Show Facter | Show | Show all facter variables. | show onep application puppet v0.8 puppet_agent facter
    Show Log CLI | Show | Troubleshooting support | show onep application puppet v0.8 puppet_agent agent log cli
  • 23. onePK Puppet Agent CLI – Debug
    Command | Group | Description | Example
    Debug Puppet Agent Level | Debug | Enable debug level (verbose, etc.) | debug onep application puppet v0.8 puppet_agent agent level 1
    Debug Puppet CLI | Debug | CLI Troubleshooting | debug onep application puppet v0.8 puppet_agent cli
    Debug Puppet pmgmt | Debug | Management daemon troubleshooting | debug onep application puppet v0.8 puppet_agent pmgmt
    Debug Puppet Util | Debug | Utility troubleshooting | debug onep application puppet v0.8 puppet_agent util
  • 24. onePK Puppet Agent Demo
  • 25. References
    For more information on onePK
      – http://developer.cisco.com/web/onepk/home
    Mail aliases
      – Puppet: puppet-feedback@cisco.com
      – onePK: onepk-feedback@cisco.com
      – jpfeifer@cisco.com
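
An added example, not part of the presentation or of Cisco's code: a small Python audit over agent settings written in the command forms of slide 21, flagging a `default-username` whose password equals the username (as in the slide's `lab`/`lab` example) and a `cert-name` reused on more than one device. The device names, the second device's values and the one-command-per-line layout are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: per-device agent settings written with the command
# forms from the slide 21 "Example" column, one command per line (assumed).
SAMPLE_FLEET = {
    "n3k-oa-3": """\
master bxb-oa-linux2.cisco.com port 8999
vrf management
cert-name n3k-oa-3.cisco.com
default-username lab password lab
run-interval 180
activate
""",
    "n3k-oa-4": """\
master bxb-oa-linux2.cisco.com port 8999
cert-name n3k-oa-3.cisco.com
default-username puppetsvc password S0me-Long-Constructed-Value
activate
""",
}

CRED_RE = re.compile(r"^default-username\s+(\S+)\s+password\s+(\S+)$")
CERT_RE = re.compile(r"^cert-name\s+(\S+)$")

def audit_fleet(fleet):
    """Return sorted (device, finding) pairs for two weak settings."""
    findings = []
    cert_users = defaultdict(list)          # cert-name -> devices using it
    for device, text in fleet.items():
        for line in map(str.strip, text.splitlines()):
            cred = CRED_RE.match(line)
            if cred and cred.group(1).lower() == cred.group(2).lower():
                findings.append((device, "password equals username"))
            cert = CERT_RE.match(line)
            if cert:
                cert_users[cert.group(1).lower()].append(device)
    for name, devices in cert_users.items():
        if len(devices) > 1:                # same identity on several nodes
            for device in devices:
                findings.append((device, f"cert-name {name} shared with "
                                 f"{len(devices) - 1} other device(s)"))
    return sorted(findings)

if __name__ == "__main__":
    for device, finding in audit_fleet(SAMPLE_FLEET):
        print(f"{device}: {finding}")
```

A `cert-name` shared by several devices means the master cannot tell those devices apart by certificate, so the finding is worth reviewing even where sharing is intentional.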
