service containers on the isr 4400
Post on 12-Jan-2015
Cisco Public 1© 2013 Cisco and/or its affiliates. All rights reserved.
An Introduction to Service Containers
Traditional Network Services
[Diagram labels: Traditional Features; Cisco Network Operating System; Feature]
What’s happening in the server world.
[Diagram labels: Feature or Application; Physical Server; Physical Server or “Cloud”; Container]
Future Service Delivery
Write once. Run anywhere.
[Diagram: three hosting options, each showing the Cisco Network Operating System and a Feature or Application]
• Service Container (Container)
• Blade Hosting with Hypervisor (Blade)
• End-Point Hosting (External Server)
What is a Service Container?
Service Containers use virtualization technology to provide a hosting environment on Cisco routers & switches for applications which may be developed and released independent of platform release cycles.
Use Cases for Service Containers
[Diagram labels: Container; Network OS; Virtual Service]
Service Containers: Virtualized environment on a Cisco device.
Use Case Cisco Virtual Services:
• Work/Appliance Consolidation
• Example: ISR-WAAS on ISR4451-X
Use Case Cisco Agents:
• Integral Router Features with decoupled release cycles
• Example: RESTful API in the CSR1000v
Use Case Signed Third Party Services:
• Container Hosted onePK Applications
Where is this happening?
Catalyst 4500 Sup 7E
• Wireshark and future services
ISR4451-X
• WAAS and future services
Cloud Services Router 1000v
• REST API for automated deployment
Nexus 3000, 5000, 6000 & 7000
• 3rd Party Embedded Services
An aside on onePK versus Service Containers
OnePK Evolving How We Interact With the Network Operating System
Traditional Approach
[Diagram labels: IOS; Routing; Data Plane; Policy; Interface; Monitoring; Discovery; CLI; AAA; SNMP; HTML; XML; Syslog; Span; Netflow; CDP; Routing Protocols]
New Paradigm
[Diagram labels: App; C; Java; Python; Events; Actions; EEM (TCL); Anything you can think of]
Introducing One Platform Kit - onePK
[Diagram labels: Any Cisco Router or Switch; onePK; Applications That YOU Create]
Flexible development environment to:
• Innovate
• Extend
• Automate
• Customize
• Enhance
• Modify
Future Service Delivery
Write once. Run anywhere.
[Diagram: three hosting options, each showing the Cisco Network Operating System and a Feature or Application; additional label: onePK Interface]
• Service Container (Container)
• Blade Hosting (Blade)
• End-Point Hosting (External Server)
Now back to the presentation…
Example Architecture: ISR4451-X
[Diagram labels: Platform Specific Data Plane; Linux OS; IOSd Control Plane; ISR-WAAS; Future Cisco Embedded Network Services; Common API (onePK); AVC; AppNav; Other Data Plane Features; Internal Services Blade (UCS E-Series); External Services Blade (UCS); onePK]
ISR 4451-X Block Diagram
Control Plane (1 core) & Services Plane (3 cores)
Data Plane (10 cores)
[Diagram labels: FPGE; Multi Gigabit Fabric; SM-X; ISC; SM-X; NIM]
Service Containers Live Here
Terminology
Virtual-Service: This refers to the container service configuration object. It is sometimes also called the Virtual Machine (VM) or the container.
Host: The IOS-XE, NXOS system software
Guest: An instance of the foreign software being hosted. It is sometimes referred to as the application.
OVA: The software package provided by the application writer which contains the application and metafiles used to create the hosting environment. (Open Virtualization Archive)
Distribution: The complete set of software provided by the application development team.
KVM: Kernel Virtual Machine
LxC: Linux Container
Service Container Technologies
KVM
Description: KVM is a virtual machine emulation of the underlying hardware. KVM runs as a Type 2 hypervisor on IOS-XE. IOS/VMAN provide VM management Services.
Characteristics:
• Isolates Guest Operating System from Host OS
• Takes advantage of CPU hardware extensions found on server-class processors (e.g., Intel’s VT-x technology)
• Provides the highest level of guest/host isolation.
LXC
Description: This is an operating system virtualization technology (not a hypervisor) that shares the host kernel with the guest but provides isolation through namespace extensions to the Linux kernel.
Characteristics:
• Native Performance, no device emulation or CPU specific requirements
• Support across Processor Architectures (MIPS, PPC, Intel)
• More easily allows sharing of host services/libraries into guest
• Host has direct visibility into resource usage and contention
• Guest applications run on the same OS kernel and thus there’s less isolation and fault separation
[Diagram labels, stack without a guest kernel: Host OS (Linux Kernel); Hardware Resource; Application; Guest Root File System; Host OS (Linux Root File System); IOS & Host Service]
[Diagram labels, stack with a guest kernel: Host OS (Linux Kernel); Hardware Resource; Guest OS Kernel; Application; Guest Root File System; Host OS (Linux Root File System); IOS & Host Service]
Application Signing
Platforms with Service Containers
• Trust Level Defined per platform
• Some platforms might allow unsigned applications
Cisco Application Signature
• Applied to identify trusted applications
• Securely signed and identified Service Container OVA
Cisco and 3rd Party Applications
• Submitted to Cisco Developer Network for certification and signing
Trusted Application Signatures
Cisco Prime Infrastructure 2.0
Full Service Container Lifecycle Management
Point-and-Click deployment of Service Containers
Automated and scheduled provisioning.
Simplified Templates and Configuration Advice
Full Life-Cycle Management
Role-Based Access
Support for a wide range of Service Container Types
Automated management for Containers across the network
Automated Point-and-Click Life-Cycle Management for Service Containers
Virtual Service Deployment Workflow
Hosted Service Deployment Model
Workflow steps:
• Install Service (package)
• Configure Service
• Start Service
• Monitor Service
• Manage Service
• Upgrade Service (Host Initiated)
• Un-Install Service
Commands shown on the slide:
router#interface VirtualPortGroup1
 ip address 3.3.3.1 255.255.255.0
router#virtual-service <app-name>
 interface virtualPortGroup1
  ip address 3.3.3.2
 profile app-model-1
router#virtual-service install name <app_name> package <file_uri>
router#virtual-service <app-name> activate
router#show virtual-service global
router#show virtual-service list
router#show virtual-service detail name <app-name>
router#show virtual-service utilization name <app-name>
router#virtual-service uninstall name <app_name>
router#virtual-service upgrade name <app_name> package <file_uri>
router#show virtual-service connect
router#show log
router#copy core
Install Virtual Service Software Package
router#virtual-service install name WAAS package harddisk:ISR4451X-WAAS-5.2.0-b27.ova [media harddisk:]
Package "harddisk:/ISR4451X-WAAS-5.2.0-b27.ova" is currently being installed for virtual service "WAAS". Once the install is finished, please activate the VM to run the VM.
router#
Feb 14 19:37:09.886: %VIRT_SERVICE-5-INSTALL_STATE: Successfully installed virtual service WAAS
router#
Install command specifies the following…
• User selected name of virtual service
• Location of the OVA package file
• [optional] destination media
On ASR1K and ISR4451-X platforms we support installation to harddisk only.
Configure Virtual Service
[Diagram: br0 (subnet 10.10.10.x) and br1 (subnet 10.10.20.x) connect Container-1, Container-2, Container-3 and Container-4; addresses shown: 10.10.10.2, 10.10.10.3, 10.10.20.2, 10.10.20.3, 10.10.20.4; interface VirtualPortGroup1 ip address 10.10.10.1; interface VirtualPortGroup2 ip address 10.10.20.1]
interface VirtualPortGroup1
 ip address 10.10.10.1 255.255.255.0
 load-interval 30
!
interface VirtualPortGroup2
 ip address 10.10.20.1 255.255.255.0
virtual-service Container-2
 interface VirtualPortGroup1
 interface VirtualPortGroup2
Configure Virtual Service (Profiles)
router(config)#virtual-service WAAS
router(config-virt-serv)#profile ?
  ISR-WAAS-1300  ISR-WAAS profile for 1300 TCP connections
  ISR-WAAS-2500  ISR-WAAS profile for 2500 TCP connections
  ISR-WAAS-750   ISR WAAS profile for 750 TCP connections
Example: ISR-WAAS Profiles
Profile Name    Description                         CPU   Memory   DRE Disk
ISR-WAAS-750    WAAS Profile for 750 connections    25%   4G       150G
ISR-WAAS-1300   WAAS Profile for 1300 connections   50%   6G       150G
ISR-WAAS-2500   WAAS Profile for 2500 connections   75%   8G       350G
Activate Virtual Service
router#show virtual-service list
Virtual Service List:
Name                    Status             Package Name
-------------------------------------------------------------------
WAAS                    Installed          ISR4451X-WAAS-5.2.0-b...
router(config)#virtual-service waas
router(config-virt-serv)#activate
router(config-virt-serv)#end
router#
Feb 14 19:53:02.070: %VIRT_SERVICE-5-ACTIVATION_STATE: Successfully activated virtual service WAAS
Feb 14 19:53:04.069: %LINK-3-UPDOWN: Interface VirtualPortGroup3, changed state to up
Feb 14 19:53:05.070: %LINEPROTO-5-UPDOWN: Line protocol on Interface VirtualPortGroup3, changed state to up
router#show virtual-service list
Virtual Service List:
Name                    Status             Package Name
-------------------------------------------------------------------
WAAS                    Activated          ISR4451X-WAAS-5.2.0-b...
Show Virtual Service: Global Information
router#show virtual-service
Virtual Service Global State and Virtualization Limits:
Infrastructure version : 1.2
Total virtual services installed : 3
Total virtual services activated : 2
Maximum memory for virtualization : 10240 MB
Maximum HDD storage for virtualization : 381536 MB
Maximum bootflash storage for virtualization : 7107 MB
Maximum system CPU : 75%
Maximum VCPUs per virtual service : 6
Committed memory : 6144 MB
Committed disk storage : 182939 MB
Committed system CPU : 25%
Available memory : 4096 MB
Available disk storage : 202236 MB
Available system CPU : 50%
Machine types supported : KVM, LXC
Machine types disabled : none
Show Virtual Service: Detail
• Provides detailed view of Guest machine resources (verbose)
router#show virtual-service detail name WAAS
Virtual Service WAAS Detail:
Package metadata:
Package name : ISR4451X-WAAS-5.2.0-b2.ova
Application name : ISR-WAAS
Application version : 1.0
Application description : WAAS
Certificate type : N/A
Signing method : SHA512
Licensing name : ISR-WAAS
Licensing version : 1.0
OVA path : /vol/harddisk/ISR4451X-WAAS-5.2.0-b2.ova
State : Activated
Detailed guest status : Version: oe-vwaas-5.2.0.2
The system has been up for 2 days, 23 hours, 35 minutes, 22 seconds.
Interception-method: appnav-controller
Current Service Node state : Operational
Time Service Node entered current state : Mon Feb 11 20:25:07 2013
System State: Running
<snip>
Show Virtual Service Profiles
router#show virtual-service profile name WAAS
Virtual Service WAAS profiles:
Name            Description                                 Allowed
-----------------------------------------------------------------------------------
ISR-WAAS-2500   ISR-WAAS profile for 2500 TCP connections   Yes
ISR-WAAS-1300   ISR-WAAS profile for 1300 TCP connections   Yes
ISR-WAAS-750    ISR WAAS profile for 750 TCP connections    Yes
router#show virtual-service profile name WAAS detail
Virtual Service WAAS Profile Details:
Profile name : ISR-WAAS-2500
Description : ISR-WAAS profile for 2500 TCP connections
License name : ISR-WAAS
License version : 1.0
Resource admission : No
Resource requirements :
  Disk space : 360879MB
  Memory : 8192MB
  CPU : 75% system CPU
  VCPUs : 6 (sockets:1 cores:6 threads:1)
<SNIP>
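Added example, not from the original slides: a Python check of which ISR-WAAS profiles still fit inside the Available figures reported by show virtual-service, using the numbers from the slides above. The function names, the 1G = 1024 MB conversion and the use of the table's DRE Disk column as the disk requirement are assumptions.

```python
import re

# Excerpt of the "show virtual-service" global output shown on the slide above.
GLOBAL_OUTPUT = """\
Committed memory : 6144 MB
Committed system CPU : 25%
Available memory : 4096 MB
Available disk storage : 202236 MB
Available system CPU : 50%
"""

# Profile table from the slides as (CPU %, memory, disk). Assumptions: 1G = 1024 MB,
# and the table's "DRE Disk" column stands in for the disk requirement.
PROFILES = {
    "ISR-WAAS-750": (25, "4G", "150G"),
    "ISR-WAAS-1300": (50, "6G", "150G"),
    "ISR-WAAS-2500": (75, "8G", "350G"),
}


def to_mb(size):
    """Convert strings such as '4G' or '4096 MB' to megabytes."""
    m = re.fullmatch(r"\s*(\d+)\s*(GB?|MB?)\s*", size, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {size!r}")
    value, unit = int(m.group(1)), m.group(2).upper()
    return value * 1024 if unit.startswith("G") else value


def parse_available(text):
    """Extract the three 'Available ...' figures from the global output."""
    pairs = (line.split(" : ", 1) for line in text.splitlines() if " : " in line)
    fields = {key.strip(): value.strip() for key, value in pairs}
    return {
        "cpu": int(fields["Available system CPU"].rstrip("%")),
        "memory_mb": to_mb(fields["Available memory"]),
        "disk_mb": to_mb(fields["Available disk storage"]),
    }


def admission(available, profiles=PROFILES):
    """Map each profile to the resources it would oversubscribe (empty list = fits)."""
    report = {}
    for name, (cpu, mem, disk) in profiles.items():
        needs = {"cpu": cpu, "memory_mb": to_mb(mem), "disk_mb": to_mb(disk)}
        report[name] = [res for res, amount in needs.items() if amount > available[res]]
    return report


if __name__ == "__main__":
    for profile, short in admission(parse_available(GLOBAL_OUTPUT)).items():
        print(profile, "fits" if not short else "exceeds available " + ", ".join(short))
```

With the figures on the slides, only ISR-WAAS-750 fits in what remains; the profile detail output lists a larger Disk space value for ISR-WAAS-2500 than the table does, so substitute the detail figures where they are available.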
Connect to Virtual Service
router#virtual-service connect name WAAS console
Connected to appliance. Exit using ^c^c^c
Cisco Wide Area Application Engine Console
Username:
Show Virtual Service Log
router#show platform software trace message virt-manager rp active
02/14 19:16:13.370 [vman]: (debug): Request content
02/14 19:16:01.337 [vman]: (debug): Finished continuation of show_trace_msg_request
02/14 19:16:01.334 [vman]: (debug): Request content
02/14 19:16:01.334 [vman]: (debug): Continuing show_trace_msg_request
02/14 19:16:01.334 [vman]: (debug): Finished continuation of show_trace_msg_request
02/14 19:16:01.334 [vman]: (debug): Application registered continuation for show_trace_msg_request
02/14 19:16:01.334 [vman]: (debug): Registering show_trace_msg_request for continuation
02/14 19:16:01.334 [vman]: (debug): Request content
Upgrade Virtual Service
router#virtual-service upgrade name waas package ?
  bootflash:  Appliance package
  cns:        Appliance package
  flash:      Appliance package
  harddisk:   Appliance package
  null:       Appliance package
  nvram:      Appliance package
  system:     Appliance package
  tar:        Appliance package
  tmpsys:     Appliance package
router#virtual-service upgrade name waas package harddisk:ISR4451X-WAAS-5.2.0-b2.ova
Un-install Virtual Service
router#virtual-service uninstall name WAAS
router#
Feb 14 19:34:29.765: %VIRT_SERVICE-5-INSTALL_STATE: Successfully uninstalled virtual service WAAS
router#
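Added example, not from the original slides: a Python sketch that replays the %VIRT_SERVICE-5-INSTALL_STATE and %VIRT_SERVICE-5-ACTIVATION_STATE messages shown on the install, activate and uninstall slides and reports lifecycle events for services outside an approved inventory. The inventory, the function names and the probe01 log lines are constructed for illustration.

```python
import re

# Only the three message wordings shown on the slides are recognised; anything else is skipped.
EVENT_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+ [\d:.]+): %VIRT_SERVICE-5-(?:INSTALL_STATE|ACTIVATION_STATE): "
    r"Successfully (?P<action>installed|activated|uninstalled) virtual service (?P<name>\S+)"
)

APPROVED = {"WAAS"}  # hypothetical site inventory of sanctioned virtual services

# Constructed sample: the WAAS and LINK lines mirror the slides, the probe01 lines are invented.
SAMPLE_LOG = """\
Feb 14 19:34:29.765: %VIRT_SERVICE-5-INSTALL_STATE: Successfully uninstalled virtual service WAAS
Feb 14 19:37:09.886: %VIRT_SERVICE-5-INSTALL_STATE: Successfully installed virtual service WAAS
Feb 14 19:53:02.070: %VIRT_SERVICE-5-ACTIVATION_STATE: Successfully activated virtual service WAAS
Feb 14 19:53:04.069: %LINK-3-UPDOWN: Interface VirtualPortGroup3, changed state to up
Feb 15 02:11:40.512: %VIRT_SERVICE-5-INSTALL_STATE: Successfully installed virtual service probe01
Feb 15 02:12:03.118: %VIRT_SERVICE-5-ACTIVATION_STATE: Successfully activated virtual service probe01
"""


def track(log_text, approved=APPROVED):
    """Replay lifecycle messages; return (final state per service, list of findings)."""
    state, findings = {}, []
    allowed = {name.lower() for name in approved}  # the slides use WAAS and waas interchangeably
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        name, action, ts = m["name"], m["action"], m["ts"]
        if name.lower() not in allowed:
            findings.append((ts, name, f"{action}: not in approved inventory"))
        if action == "activated" and state.get(name) != "installed":
            # Activation with no preceding install message points at a gap in the log.
            findings.append((ts, name, "activated without a logged install"))
        if action == "uninstalled":
            state.pop(name, None)
        else:
            state[name] = action
    return state, findings


if __name__ == "__main__":
    final, alerts = track(SAMPLE_LOG)
    print(final)
    for alert in alerts:
        print(*alert, sep=" | ")
```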
Recent Service Container Applications
• ISR-WAAS Simplified Deployment
• REST API for automated CSR1000v deployment
• Nexus 3k, 5k, 6k & 7k support for open containers
Key Benefits with ISR4451-X ISR-WAAS
“All in a box – simple to deploy”
FULL FEATURED WAAS ACCELERATOR INSIDE
Native
• Tighter Integration
• Service aware data plane – AppNav
• Dedicated Resources
Simple
• 3 steps to setup within 10 minutes
Scalable
• Up to 2500 connections 150Mbps optimized WAN
• Embedded AppNav to expand w/ WAAS on UCS-E or externally
Simplified Deployment- 3 steps, 10 minutes
Router# service waas enable
Step 1: Choose WAAS Profile
Simplified Deployment- 3 steps, 10 minutes
Step 2: Choose WAN Interface
Simplified Deployment- 3 steps, 10 minutes
Step 3: Verify and Activate
Cisco Cloud Services Router (CSR) 1000V
Cisco IOS Software in Virtual Form-Factor
[Diagram labels: Physical Server; Hypervisor; Virtual Switch; VPC/vDC; OS; App; CSR 1000V]
Programmability
• RESTful APIs (leverages onePK) for Automated Management
Term and Usage-based Licenses
• Elastic Capacity (10 Mbps and up Throughput, 2 to 8 GB RAM)
Single-tenant WAN Gateway
• Small Footprint (reducing from 4 vCPU to 1), Low Performance
IOS XE Cloud Edition
• Selected Features of IOS XE primarily for Cloud Use Cases
Infrastructure Agnostic
• Server, Switch, Multi-Hypervisor (ESXi, KVM, Xen)
Enterprise-class Networking with Rapid Deployment and Flexibility
Example: RESTful API for CSR1000v
IOS XE
onePK API Infrastructure
LXC Service Container
REST API Web Interface written in Python
Nexus OS Open Container Architecture
NXOS (Nexus Platforms)
onePK API Infrastructure
Open LxC Service Containers
User/3rd Party C, JAVA, Python Program
What to Look For in the Future
Consistent, Powerful and Portable Network Applications
Flexible Services from Cisco
• Virtual Services: Write once and run in many locations.
• Parity Across Devices: Identical features and feel on appliances, virtual devices and service containers.
• Simplified Install: Management tools and installation scripts to make working with services easier.
Additional Options for 3rd Party Services
• Partner Applications: Applications from third parties tested and certified by Cisco.
• Customer Applications: More options per-platform for un-signed applications.
• Development Assistance: Application Development Kits and assistance available as a service.
More Install Options
• Platforms: More platforms being introduced with support for service containers.
• Modules: Modules in several platforms that can run the same service containers.
• Development Servers: Service Container support within dedicated servers.
Thank you.