Cisco Automation with Puppet and onePK
Jason Pfeifer
Technical Marketing Engineer
© 2013 Cisco and/or its affiliates. All rights reserved.Presentation_ID Cisco Public
ICT Operations
A Decade Ago …
Network
Survivability → Manageability
IT Services were:
•  Static
•  On premise
•  Best effort
•  Operated manually
•  Agreed between humans
... - 2000
During a Decade: Operational Maturity Evolution
Network: Survivability → Manageability
Business Operations

                    | Survivable                 | Managed                             | Operated
Business Objective  | Minimize Cost              | OPEX Control                        | TCO/ROI Optimization
Service Levels      | Best Effort                | Basic SLA                           | Tailored SLA
Process             | Everything ad-Hoc          | Tasks and Procedures                | Best Practice Models
Round-trip          | > days                     | > hours                             | > minutes
People              | Multi-Role Technology Hero | Tiered Domain Expert                | Tiered Role and Domain Expert
Technology          | Point scripts and tools    | Applications and point integrations | Layered OSS Architecture
Typical Anecdotes   | "I run this Company"       |                                     |

2000 - 2010
Recently …
Network
Survivability → Manageability → Automation
Virtual / Overlay Networks
Business Operations
Business today requires:
•  Self-Service, On-Demand
•  On Premise, Remote, Hybrid Cloud
•  Wired/Wireless, BYOD
•  Tight SLA
•  Increasingly Automated ...
2000 - 2010
Puppet
Inflection: Business-Driven Network Automations …
Network: Survivability → Manageability → Automation
Virtual / Overlay Networks
Business Operations
Domain Controllers
APIs and Agents
Inflection: Network Programming
Network: Survivability → Manageability → Automation → Autonomy
Virtual / Overlay Networks
Business Operations
Domain Controllers
APIs and Agents
What if the ‘User’ is a Software App?
“A platform for developing
new control planes”
“An open solution for VM
mobility in the Data-Center”
“A means to do
traffic engineering
without MPLS”
“A way to
scale my
firewalls and
load
balancers”
“A solution to build a very large scale
layer-2 network”
“A way to build my own
security/encryption solution”
“A way to reduce the
CAPEX of my network
and leverage commodity
switches”
“A way to optimize broadcast TV delivery
by optimizing cache placement and
cache selection”
“A means to scale my fixed/mobile
gateways and optimize
their placement”
“A solution to build virtual
topologies with optimum
multicast forwarding behavior”
“A means to get assured
quality of experience for
my cloud service offerings”
“A way to distribute policy/intent, e.g.
for DDoS prevention, in the network”
“A way to configure my entire network
as a whole rather than individual
devices”
“A solution to get a global view of the
network – topology and state”
“Develop solutions at software speeds: I don’t
want to work with my network vendor or go
through lengthy standardization.”
Simplified
Operations
New
Business
Opportunities
Enhanced
Agility
I Want To Program My Network Because I Want…
Traditional Approach / New Paradigm
Evolving Network Operating System Interaction
App
C
Java
Python
Ruby
Network OS
Events
App
EEM (TCL)
Actions
Routing
Data Plane
Policy
Interface
Monitoring
Discovery
CLI
AAA
SNMP
HTML
XML
Syslog
Span
Netflow
CDP
Routing Protocols
Anything you can think of
Cisco ONE Platform Kit (onePK)
Router/
Switch
YOUR
Applications
onePK
Program
API Presentation
API Infrastructure
Catalyst Nexus
ASR
ISR
onePK IPC Channel
Network Programming
Environment to:
•  Innovate
•  Extend
•  Automate
•  Customize
•  Enhance
•  Modify
Where Do onePK Applications Run?
Choose the Hosting Model that Suits Your Platform and Your Application
App
Blade
App
App
On An External Server
•  Plentiful memory/compute
•  Higher latency and delay
•  Supported by all platforms
On A Hardware Blade
•  Dedicated memory/compute
•  Low latency and delay
•  Requires modular hardware blade
On the Router
•  Shared memory/compute
•  Very low latency and delay
•  Requires modular software architecture
“End-Node”
“Blade”
“Process”
Perfect for Puppet
Agent
onePK Architecture
C, Java, Python (Ruby) Program
onePK API Presentation
onePK API Infrastructure
IOS / XE
(Catalyst, ISR, ASR1K)
NXOS
(Nexus Platforms)
IOS XR
(ASR 9K, CRS)
onePK APIs are Grouped in Service Sets

Base Service Set | Description
Data Path        | Provides packet delivery service to application: Copy, Punt, Inject
Policy           | Provides filtering (NBAR, ACL), classification (Class-maps, Policy-maps), actions (Marking, Policing, Queuing, Copy, Punt) and applying policies to interfaces on network elements
Routing          | Read RIB routes, add/remove routes, receive RIB notifications
Element          | Get element properties, CPU/memory statistics, network interfaces, element and interface events
Discovery        | L3 topology and local service discovery
Utility          | Syslog event notification, path tracing capabilities (ingress/egress and interface stats, next-hop info, etc.)
Developer        | Debug capability, CLI extension which allows an application to extend/integrate the application’s CLIs with the network element

Slide legend: Used by onePK Puppet Agent
Agent Model Applications
The agent application resides on the network element (NE) and uses the onePK API library.
The controller typically has a network-wide view; the agent has an individual box view.
Choices:
•  Agent/Controller communication methods
•  Where the bulk of processing occurs
[Diagram: three agent/controller arrangements, each with an Agent on the Network Element using onePK and a Controller, in some cases itself using onePK. Examples shown: Path Computation (PCE with three PCCs over PCEP) and Wireless LAN Control (WLC with three APs over CAPWAP).]
Security Five Ways
App
Security
Admin
Security
Container
Security
Runtime
Security
Code
Security
Digital Signing
Certification Process
CLI Control
Resource Allocation
Isolation
Resource Consumption
Code Isolation
Strong Typing
AAA (PKI)
Encryption (TLS)
The OnePK Puppet Agent
Network Element Resident Agent
[Diagram: Puppet master talking to a Puppet agent (native Puppet agent, Puppet IPC) resident on an N3K / N7K switch.]
NXOS onePK Agent Architecture
•  onePK provides manageability abstraction.
   –  Avoids CLI scraping
   –  Consistent across Cisco OSes
   –  Exposes dynamic device state and configuration
•  Linux Container
   –  Runs distribution on OS kernel
   –  Fitted with Cisco onePK libraries
   –  Isolates application failures from Network Element
   –  Flexibility for application developers
[Diagram, Device Components: Management Agents; Manageability Abstraction; Device Management Infrastructure; OS-specific Management Infrastructure; XOS and Component APIs. Traditional Management Agents (CLI, syslog, SNMP, XML) sit beside Next Generation Management Agents (Puppet, ..), which run in a Linux Container on top of onePK PL, Transport/Marshaling, onePK AL and an OS Shim.]
Puppet + onePK
[Diagram: the Puppet Master (Classify, Compile, Report) with the onePK Module on one side; on the other, a Nexus Switch running a Container with the onePK Infra and the Puppet Agent, which talks to the onePK API. Flow: 1. Request, 2. Reply, 3. Execute, 4. Report.]
Zero Touch
[Diagram: N3K Switch, Default Gateway, DHCP & file server, Puppet Master (ova manifest).]
1. Boot & start POAP
2. Downloads image, base config and OVA file
3. Starts Puppet Agent and begins talking to Master
4. Applies configuration through onePK
Puppet Types (Cisco)

class cisco_onep {
  $ciscodev = "testdemo"

  # The device connection; the interface and VLAN resources refer to it by title.
  cisco_device { $ciscodev:
    #log    => debug,
    ensure => present,
  }

  cisco_interface { 'Ethernet1/8':
    description => 'Configured with puppet',
    switchport  => access,
    access_vlan => 1001,
    element     => $ciscodev,   # slide had $element, which this class never defines
  }

  cisco_vlan { '1001':
    ensure    => present,
    vlan_name => 'red',
    state     => active,
    element   => $ciscodev,
  }
}

Types shown: Cisco Device, Cisco Interface, Cisco VLAN
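The agent cycle on the "Puppet + onePK" slide (request, reply, execute, report) applied to the VLAN and interface resources of the manifest above, as an added Python example that is not part of this presentation or of Cisco's onePK Puppet module. The in-memory device state stands in for what the agent would read and write through the onePK Element and Policy APIs; the table names, the resource dictionaries and the report format are assumptions. It shows the two points a practitioner cares about: a noop run (the `agent-noop` execution on the CLI slides) reports what would change without touching the device, and a second run after a real one converges to zero changes.

```python
import copy

# Constructed stand-in for the device state the agent reads through onePK
# (assumption: a VLAN table and per-interface switchport settings, keyed by name).
DEVICE_STATE = {
    "vlans": {"1": {"vlan_name": "default", "state": "active"}},
    "interfaces": {
        "Ethernet1/8": {"description": "", "switchport": "access", "access_vlan": 1},
    },
}

# Desired state, mirroring the cisco_vlan and cisco_interface resources of the manifest.
DESIRED = [
    {"type": "cisco_vlan", "title": "1001", "ensure": "present",
     "vlan_name": "red", "state": "active"},
    {"type": "cisco_interface", "title": "Ethernet1/8", "ensure": "present",
     "description": "Configured with puppet", "switchport": "access", "access_vlan": 1001},
]

# Which state table each resource type lives in (assumption).
TABLES = {"cisco_vlan": "vlans", "cisco_interface": "interfaces"}


def plan(state, desired):
    """Compare desired resources with the current state and return the changes
    that would be made as (type, title, action, properties). Pure: no side effects."""
    changes = []
    for res in desired:
        table = TABLES[res["type"]]
        current = state[table].get(res["title"])
        props = {k: v for k, v in res.items() if k not in ("type", "title", "ensure")}
        if res.get("ensure", "present") == "absent":
            if current is not None:
                changes.append((res["type"], res["title"], "remove", {}))
        elif current is None:
            changes.append((res["type"], res["title"], "create", props))
        else:
            diff = {k: v for k, v in props.items() if current.get(k) != v}
            if diff:
                changes.append((res["type"], res["title"], "update", diff))
    return changes


def agent_run(state, desired, noop=False):
    """One agent cycle: compile the plan, execute it unless noop, and report.
    Returns (report, new_state); the input state is never mutated."""
    changes = plan(state, desired)
    new_state = copy.deepcopy(state)
    if not noop:
        for rtype, title, action, props in changes:
            table = new_state[TABLES[rtype]]
            if action == "remove":
                table.pop(title, None)
            elif action == "create":
                table[title] = dict(props)
            else:
                table[title].update(props)
    report = {"noop": noop, "changed": len(changes), "changes": changes}
    return report, new_state


if __name__ == "__main__":
    dry, _ = agent_run(DEVICE_STATE, DESIRED, noop=True)
    print("noop would change:", dry["changes"])
    real, applied = agent_run(DEVICE_STATE, DESIRED)
    print("applied:", real["changed"], "changes; converged:",
          agent_run(applied, DESIRED)[0]["changed"] == 0)
```

Running a noop cycle first is the cheap way to review what an agent will do to a switch before enabling daemon mode on it.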
onePK Puppet Agent CLI - Configuration

Command          | Description                                                   | Example
Onep Application | Application name                                              | onep applications puppet
Puppet           | Version                                                       | puppet v0.8
Master           | Puppet Master IPv4/FQDN and port                              | master bxb-oa-linux2.cisco.com port 8999
VRF              | VRF name                                                      | vrf management
Cert-name        | Certificate name; supports shared and non-shared certificates | cert-name n3k-oa-3.cisco.com
Environment      | Environment (categorization)                                  | environment bxb_oa_n3k_3
Node-name        | Node name                                                     | node-name facter
Default-username | Device credentials                                            | default-username lab password lab
Run-interval     | Run frequency                                                 | run-interval 180
Domain-name      | Domain name                                                   | domain-name cisco.com
Splay            | Pseudo-random frequency add                                   | splay splay-limit 60
Activate         | Activate daemon mode                                          | activate
Name-server      | DNS                                                           | name-server 173.37.87.157
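A small parser and review check for the agent configuration block above, as an added Python example that is not part of this presentation or of Cisco's agent. It turns the CLI lines into a dictionary and then raises the points a reviewer would want flagged before a switch is enrolled: no `cert-name` (the agent's identity toward the master), no `vrf` (master traffic not confined to the management VRF), weak `default-username` device credentials, a `splay-limit` that is not below the `run-interval`, and a missing `activate`. The sample block is constructed from the Example column; the exact nesting of the lines under `onep applications puppet`, the placeholder hostnames and the name-server address are assumptions.

```python
# Constructed sample modeled on the Example column of the configuration table
# (the nesting of the lines is an assumption; hostnames, domain and the
# name-server address are placeholders, not values from the slide).
SAMPLE_CONFIG = """\
onep applications puppet
  puppet v0.8
  master puppet-master.example.com port 8999
  vrf management
  cert-name n3k-lab-1.example.com
  environment lab_n3k
  node-name facter
  default-username lab password lab
  run-interval 180
  domain-name example.com
  splay splay-limit 60
  activate
  name-server 192.0.2.53
"""

# Keywords from the Command column that take exactly one value.
SINGLE_VALUE = {"vrf", "cert-name", "environment", "node-name", "domain-name", "name-server"}


def parse_agent_config(text):
    """Turn the agent's CLI configuration lines into a dictionary."""
    cfg = {}
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0] == "!":          # blank line or NX-OS comment
            continue
        key = parts[0]
        if key == "onep":                         # "onep applications puppet"
            cfg["application"] = parts[-1]
        elif key == "puppet":                     # "puppet v0.8"
            cfg["version"] = parts[1]
        elif key == "master":                     # "master <host> port <n>"
            cfg["master"] = parts[1]
            if "port" in parts:
                cfg["port"] = int(parts[parts.index("port") + 1])
        elif key == "default-username":           # "default-username <u> password <p>"
            cfg["username"] = parts[1]
            if "password" in parts:
                cfg["password"] = parts[parts.index("password") + 1]
        elif key == "run-interval":
            cfg["run_interval"] = int(parts[1])
        elif key == "splay":                      # "splay splay-limit <n>"
            cfg["splay_limit"] = int(parts[parts.index("splay-limit") + 1])
        elif key == "activate":
            cfg["activate"] = True
        elif key in SINGLE_VALUE:
            cfg[key] = parts[1]
        else:
            cfg.setdefault("unrecognized", []).append(raw.strip())
    return cfg


def lint_agent_config(cfg):
    """Return the findings a reviewer would raise on a parsed agent configuration."""
    findings = []
    if "cert-name" not in cfg:
        findings.append("no cert-name: the agent has no certificate identity toward the master")
    if "vrf" not in cfg:
        findings.append("no vrf: master traffic is not confined to the management VRF")
    password = cfg.get("password")
    if password is not None:
        if password == cfg.get("username"):
            findings.append("default-username: password equals the username")
        if len(password) < 8:
            findings.append("default-username: password shorter than 8 characters")
    interval, splay = cfg.get("run_interval"), cfg.get("splay_limit")
    if interval is not None and splay is not None and splay >= interval:
        findings.append("splay-limit is not smaller than run-interval")
    if not cfg.get("activate"):
        findings.append("activate missing: daemon mode is off, drift is only corrected on manual runs")
    for line in cfg.get("unrecognized", []):
        findings.append("unrecognized line: " + line)
    return findings


if __name__ == "__main__":
    for finding in lint_agent_config(parse_agent_config(SAMPLE_CONFIG)):
        print("finding:", finding)
```

On the sample block the only findings are the two about the `lab`/`lab` device credentials, which is exactly what a reviewer should see for a lab configuration copied into production.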
onePK Puppet Agent CLI – Execution & Monitoring

Command               | Group   | Description                                                              | Example
Noop                  | Execute | Noop execution                                                           | execute onep application puppet v0.8 puppet_agent agent-noop
Oneshot               | Execute | One time execution                                                       | execute onep application puppet v0.8 puppet_agent agent-oneshot
Ssl-all               | Clear   | Clear all certificates and private keys                                  | clear onep application puppet v0.8 puppet_agent ssl-all
Ssl-cert              | Clear   | Clear certificate                                                        | clear onep application puppet v0.8 puppet_agent ssl-cert
Show Oper Data        | Show    | Show puppet agent config data (master (server) name, run interval, etc.) | show onep application puppet v0.8 puppet_agent agent oper-data
Show Last Exec Log    | Show    | Show log from most recent noop or oneshot mode run (exec mode run)       | show onep application puppet v0.8 puppet_agent agent last-exec-log
Show Run History      | Show    | Show logs from most recent daemon mode runs                              | show onep application puppet v0.8 puppet_agent agent run-history run-number 1
Show Puppet Config    | Show    | Shows puppet agent --configprint all                                     | show onep application puppet v0.8 puppet_agent config
Show Puppet Copyright | Show    | Show Puppet Agent copyright                                              | show onep application puppet v0.8 puppet_agent copyright
Show Facter           | Show    | Show all facter variables                                                | show onep application puppet v0.8 puppet_agent facter
Show Log CLI          | Show    | Troubleshooting support                                                  | show onep application puppet v0.8 puppet_agent agent log cli
onePK Puppet Agent CLI – Debug

Command                  | Group | Description                        | Example
Debug Puppet Agent Level | Debug | Enable debug level (verbose, etc.) | debug onep application puppet v0.8 puppet_agent agent level 1
Debug Puppet CLI         | Debug | CLI troubleshooting                | debug onep application puppet v0.8 puppet_agent cli
Debug Puppet pmgmt       | Debug | Management daemon troubleshooting  | debug onep application puppet v0.8 puppet_agent pmgmt
Debug Puppet Util        | Debug | Utility troubleshooting            | debug onep application puppet v0.8 puppet_agent util
onePK Puppet Agent Demo
References
•  For more information on onePK
   –  http://developer.cisco.com/web/onepk/home
•  Mail aliases
   –  Puppet: puppet-feedback@cisco.com
   –  onePK: onepk-feedback@cisco.com
   –  jpfeifer@cisco.com
Cisco Automation with Puppet and onePK - PuppetConf 2013