Exploring the Final Frontier of Data Center Orchestration: Network Elements - PuppetConf 2014
Exploring the Final Frontier of Data Center Orchestration: Network Elements - Jason Pfeifer, Cisco

  1. Network Elements: The Final Frontier of Data Center Automation. Presented by Jason Pfeifer, Technical Marketing, Cisco.
  2. Why? "I can spin up servers in minutes with my Puppet workflows; why does it take orders of magnitude more to spin up and effect change on my Network Elements?"
  3. IT Management Challenges:
     - Agility: 60% of IT managers are not satisfied with the speed at which IT responds to business needs.
     - Reliability: $72,000/hr cost of downtime due to manual errors and configuration drift.
     - Productivity: 48% of IT professionals spend 50% or more of their time on basic administrative tasks.
     - Shadow IT: 36% of employees have already used "unapproved" cloud services.
     - Insight: 93% of IT professionals cannot answer "What changed?" when an outage incident occurs.
     Sources: Gartner, Kaseya, Harvey Nash, Vanson Bourne, Evolven, InformationWeek. Similar challenges exist in the NetOps space.
  4. Network Operations Challenges:
     - Agility: rollout speed of network equipment is slow. After physical kit is installed, configuration should be immediate.
     - Reliability: huge cost of downtime due to manual errors and configuration drift.
     - Productivity: networking professionals spend 50% or more of their time on basic administrative tasks, CLI interaction and screen-scraping output.
     - Home Built: employees have home-built scripts and one-off procedures specific to the local network environment.
     - Insight: "What changed?" plagues the industry when an outage incident occurs. How do we recover?
     Sources: Disgruntled Network Administrators
  5. Existing Management Solutions = Insufficient. NetOps relies on custom one-off scripts, for example a shell loop:
         for i in $(cat host.cfg); do ssh user@$i uname -a; done
     or a Tcl/expect fragment:
         spawn telnet $ip(t) $port(t)
         expect "Trying $in_telnet...\r* Connected to $in_telnet.\r* Escape character is '^]'.\r*"
         send -- "\r"
     - Not reusable across different applications or operating systems
     - What happens when the original author leaves?
     Sources: THINKstrategies/FrontRange
  6. Puppet Automates Infrastructure for Network Admins. Diagram labels: NetOps management stack (Monitoring, Help Desk, Reporting, Asset Management, Service Catalog); network stacks (Applications, Code & Data, Controllers, Operating Systems, Physical & Virtual Nodes); functions (Discovery, Provisioning, Configuration, Orchestration, Automation). Lifecycle management for heterogeneous environments becomes possible.
  7. Diagram labels: Centralized Management Server (GUI, Workflows, Reporting, Admin & Security, Version Control); Distributed Agents (Hardware Node, VM Node, Cloud Node, Switch, each running a NetOps agent and monitoring agent); Cloud-Based Repository of Pre-Built Solutions (Puppet Forge); 3rd Party Integrations (CMDBs, LDAP & AD).
  8. Enabling Technologies
  9. NX-OS Architecture (diagram labels, top to bottom):
     - Layer-2 Protocols: VLAN Mgr, STP, UDLD, CDP, IGMP snooping, 802.1X, LACP, CTS
     - Layer-3 Protocols: OSPF, BGP, EIGRP, GLBP, HSRP, VRRP, PIM
     - Storage Protocols: VSANs, Zoning, FCIP, FSPF, IVR
     - Interface Management, Chassis Management
     - Management: SNMP, XML, CLI, NXAPI; Container Services (ADT / Guest Shell); onePK (Element / VTY); Shell Access
     - Kernel: Sysmgr, PSS & MTS; Protocol Stack (IPv4 / IPv6 / L2); Chip/Driver Infrastructure
  10. NXAPI
     - CLI interaction with the device over HTTP / HTTPS
     - Input/output encoded in JSON or XML (key for programmability)
     Example: "show clock" sent to the NXAPI web server (NGINX) over HTTP / HTTPS. Request:
         [
           {
             "jsonrpc": "2.0",
             "method": "cli",
             "params": { "cmd": "show clock", "version": 1 },
             "id": 1
           }
         ]
     Response:
         {
           "jsonrpc": "2.0",
           "result": {
             "body": { "simple_time": "15:00:37.762 PST Mon Aug 18 2014\n" }
           },
           "id": 1
         }
     Enabling the feature on the switch:
         Switch# conf t
         Switch(config)# feature nxapi
         Switch(config)# exit
  11. NXAPI - Response. Output of "show version" as returned by NXAPI:
         {
           "jsonrpc": "2.0",
           "result": {
             "body": {
               "header_str": "Cisco Nexus Operating System (NX-OS) ",
               "bios_ver_str": "3.22.0",
               "kickstart_ver_str": "7.1(0)D1(1) [build 7.1(0)ZD(0.102)] [gdb]",
               "sys_ver_str": "7.1(0)D1(1) [build 7.1(0)ZD(0.102)] [gdb]",
               "bios_cmpl_time": "02/20/10",
               "kick_file_name": "bootflash:///n7000-s1-kickstart.7.1.0.ZD.0.102.gbin",
               "kick_cmpl_time": " 2/11/2014 18:00:00",
               "kick_tmstmp": "03/14/2014 05:31:12",
               "isan_file_name": "bootflash:///n7000-s1-dk9.7.1.0.ZD.0.102.gbin",
               "isan_cmpl_time": " 2/11/2014 18:00:00",
               "isan_tmstmp": "03/13/2014 23:16:21",
               "chassis_id": "Nexus7000 C7010 (10 Slot) Chassis",
               "module_id": "Supervisor Module-1X",
               "cpu_name": "Intel(R) Xeon(R) CPU ",
               "manufacturer": "Cisco Systems, Inc."
             }
           },
           "id": "1"
         }
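As an added example (not from the slides or from Cisco's own tooling), the following Python builds the JSON-RPC request shown on the NXAPI slides, parses the reply, and fails loudly on a JSON-RPC error object rather than silently treating a rejected command as success. It assumes the default NX-API endpoint path `/ins`, HTTP basic auth, and that a single-command request is answered with one object while a multi-command request is answered with a list; the sample response is constructed from the "show clock" slide.

```python
import base64
import json
import urllib.request  # used only by send_nxapi(); parsing runs offline

NXAPI_PATH = "/ins"  # assumption: default NX-API endpoint path on the switch


def build_nxapi_request(cmds, version=1):
    """Wrap one or more CLI commands in the JSON-RPC 2.0 list NX-API expects."""
    return [
        {"jsonrpc": "2.0", "method": "cli",
         "params": {"cmd": cmd, "version": version}, "id": i}
        for i, cmd in enumerate(cmds, start=1)
    ]


def parse_nxapi_response(text):
    """Return {id: body} for every result; raise on any JSON-RPC error object.

    Accepts both a single response object and a list of them.
    """
    data = json.loads(text)
    responses = data if isinstance(data, list) else [data]
    bodies = {}
    for resp in responses:
        if "error" in resp:  # e.g. a mistyped or unauthorized command
            raise RuntimeError(f"NX-API error for id {resp.get('id')}: {resp['error']}")
        bodies[resp["id"]] = resp["result"]["body"]
    return bodies


def send_nxapi(base_url, username, password, cmds, timeout=10):
    """POST the request over HTTPS with basic auth (not exercised offline)."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(
        base_url.rstrip("/") + NXAPI_PATH,
        data=json.dumps(build_nxapi_request(cmds)).encode(),
        headers={"Content-Type": "application/json-rpc",
                 "Authorization": "Basic " + token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_nxapi_response(resp.read().decode())


# Constructed sample reply, modelled on the "show clock" response in the slides.
SAMPLE_RESPONSE = json.dumps({
    "jsonrpc": "2.0",
    "result": {"body": {"simple_time": "15:00:37.762 PST Mon Aug 18 2014\n"}},
    "id": 1,
})

if __name__ == "__main__":
    print(json.dumps(build_nxapi_request(["show clock", "show version"]), indent=2))
    print(parse_nxapi_response(SAMPLE_RESPONSE)[1]["simple_time"].strip())
```

Use `https://` for `base_url` in practice, since the request carries credentials and the CLI output in clear text otherwise.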
  12. ONE Platform Kit (onePK): applications talk through C, Java and Python APIs to a presentation/API abstraction layer and an IPC channel down to any Cisco router or switch (Catalyst, Nexus, ASR, ISR). A network programming environment to innovate, extend, automate, customize, enhance and modify.
  13. Where Do onePK Applications Run? Choose the hosting model that suits your platform and your application:
     - On an external server: plentiful memory/compute; higher latency and delay; supported by all platforms.
     - On a hardware blade: dedicated memory/compute; low latency and delay; requires a modular hardware blade.
     - On the router: shared memory/compute; very low latency and delay; requires a modular software architecture.
  14. Evolving How We Interact. Traditional approach: the app reaches the network OS through CLI, SNMP, HTML, XML, AAA, CDP, Syslog, Netflow, routing protocols, SPAN and EEM (TCL) policy. New paradigm: apps written in C, Java, Python (Ruby*) consume network OS events (monitoring, routing, data plane, interface discovery) and trigger actions; anything you can think of.
  15. APIs Are Grouped (Service Sets):
     - Data Path: provides packet delivery service to the application: Copy, Punt, Inject.
     - Policy: provides filtering (NBAR, ACL), classification (class-maps, policy-maps), actions (marking, policing, queuing, copy, punt) and applying policies to interfaces on network elements.
     - Routing: read RIB routes, add/remove routes, receive RIB notifications.
     - Element: get element properties, CPU/memory statistics, network interfaces, element and interface events.
     - Discovery: topology and local service discovery.
     - Utility: syslog event notification, path tracing capabilities (ingress/egress and interface stats, next-hop info, etc.).
     - Developer: debug capability, CLI extension which allows an application to extend/integrate its CLIs with the network element.
  16. Agent Model Applications. The agent application resides on the NE and uses the onePK API library; there is a choice of communication method between agent and controller and of where the bulk of processing occurs. The controller typically has a network-wide view, the agent an individual-box view. Examples: a web application with a REST interface; management over XMPP; path computation (PCE controller speaking PCEP to PCC agents); wireless LAN control (WLC controller speaking CAPWAP to AP agents).
  17. Dev Ops Plug-Ins:
     - Container-based packaging of Dev Ops agents
     - Device hosted: software runs on the local device
     - Standard: standard Linux software
     - Software independence
     - Secure: not running in the host OS
     - TTM: host release independence, fast TTM
     (Diagram: Dev Ops plug-in container on top of the NOS OS/Linux on the switch/router.)
  18. NXOS Puppet Integration
  19. Diagram: Cisco Nexus switches connected to compute/storage servers.
  20. Cisco Puppet Plug-In Architecture. Diagram labels: Puppet Master in the data center network; on the switch, the Network OS runs an LXC container hosting the Puppet Agent, which reaches Cisco network resources through onePK.
  21. Cisco NXOS Puppet Agent Integration:
     - Packaged as a virtual-services LXC container OVA
     - OVA registers CLI extensions: configuration commands, show commands, exec commands, clear commands, debug commands
     - OVA syslogs are linked to the NXOS syslog ("show log")
  22. Cisco Puppet Agent Configuration Example (Puppet configuration mode):
         (config)# puppet
         (config-puppet)# master port 8999
         (config-puppet)# vrf management
         (config-puppet)# run-interval 180
         (config-puppet)# domain-name
         (config-puppet)# name-server
         (config-puppet)# activate
  23. Puppet Deployment using POAP:
     1. Power up the switch with no startup-config and default images.
     2. DHCP phase: get IP address, gateway, script server IP and script file name.
     3. Switch downloads the script.
     4. Execute the script locally: download software images, running-config and puppet_plugin.ova.
     5. Reload the router with the downloaded software; the script executes, installing and activating puppet_plugin.ova.
     6. Once the plugin is activated, the puppet agent running inside the container establishes a session with the Puppet Master and retrieves catalogues, etc.
  24. Device plug-ins with a Puppet/Chef Master and package repository:
     - Image/Patch: manage images and patches/SMUs.
     - Config Distribution: security policies and management servers (syslog, DNS, SNMP, etc.) are common across the network; the network admin injects changes at the master.
     - New Server/VM Deployment: ToR configuration for every new device onboarded; reduce manual process; the master puts the new server in the right VLAN/segment/ACLs.
  25. Cisco Puppet Resource Type Coverage (feature: resource name, description):
     - Cisco Device Access: cisco_device. Allows credentials for user access control & accounting.
     - Base L2/L3 interface: cisco_interface. General interface & L2/L3 base settings.
     - VLAN: cisco_vlan. Create/destroy of VLANs and general settings.
     - Interface-vlan (SVI): cisco_interface_vlan. Create/destroy of SVIs and SVI-specific interface settings.
     - VLAN Trunking Protocol (VTP): cisco_vtp. VTP global settings.
     - SNMP: cisco_snmp_server, cisco_snmp_community, cisco_snmp_group, cisco_snmp_user. SNMP monitoring settings. Notification receiver settings not covered as of now.
     - OSPF: cisco_ospf, cisco_ospf_vrf, cisco_interface_ospf. OSPF instance create/destroy, per-VRF settings, and interface settings (area, cost, msg digest, etc).
  26. Cisco Puppet Resource Type Coverage (continued):
     - TACACS/AAA*** (***full set not available at EFT target date): cisco_tacacs_server (TACACS global settings), cisco_tacacs_server_host (TACACS per-host settings), cisco_aaa_tacacs_group (group association and settings), cisco_aaa_authentication / cisco_aaa_authorization / cisco_aaa_accounting (mapping of groups to AAA features: authentication, authorization, accounting).
     - Raw Config CLI commands: cisco_command_config. Resource to directly apply blocks of configuration CLI commands.
  27. Demo