Programovatelnost síťových zařízení

Size: px

Start display at page:

Download "Programovatelnost síťových zařízení"

Gordon Hawkins
5 years ago
Views:

1 Praha, hotel Clarion dubna 2013 Programovatelnost síťových zařízení Příklady využití OnePK v komunikačních architekturách T-SDN2 / L2 Pavel Křižanovský Cisco and/or its affiliates. All rights reserved. Cisco Connect 1

4 SDN je, když...

5 An open solution for VM mobility in the Data-Center A way to reduce the CAPEX of my network and leverage commodity switches A solution to build virtual topologies with optimum multicast forwarding behavior A way to optimize link utilization in my network enhanced, application driven routing A means to get assured quality of experience for my cloud service offerings A platform for developing new control planes An open solution for customized flow forwarding control in and between Data Centers A solution to build a very large scale layer-2 network Develop solutions at software speeds: I don t want to work with my network vendor or go through lengthy standardization. A means to do traffic engineering without MPLS A means to scale my fixed/mobile gateways and optimize their placement A way to distribute policy/intent, e.g. for DDoS prevention, in the network A way to optimize broadcast TV delivery by optimizing cache placement and cache selection A way to configure my entire network as a whole rather than individual devices A way to build my own security/encryption solution A solution to get a global view of the network topology and state A way to scale my firewalls and load balancers 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 5

An open solution for VM mobility in the Data-Center A way to reduce the CAPEX of my network and leverage commodity switches A solution to build virtual topologies with optimum multicast forwarding

teways and optimize their placement A way to distribute policy/intent, e.g.

6 An open solution for VM mobility in the Data-Center A way to reduce the CAPEX of my network and leverage commodity switches A solution to build virtual topologies with optimum multicast forwarding behavior A means to scale my fixed/mobile gateways and optimize their placement A way to distribute policy/intent, e.g. for DDoS prevention, in the network A way to optimize link utilization in my network enhanced, application driven routing A means to get assured quality of experience for my cloud service offerings Enhanced Agility Simplified Operations A platform for developing new control planes A way to optimize broadcast TV delivery by optimizing cache placement and cache selection A way to configure my entire network as a whole rather than individual devices An open solution for customized flow forwarding control in and between Data Centers A solution to build a very large scale layer-2 network Develop solutions at software speeds: I don t want to work with my network vendor or go through lengthy standardization. New Business Opportunities A means to do traffic engineering without MPLS A way to build my own security/encryption solution A solution to get a global view of the network topology and state A way to scale my firewalls and load balancers 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 6

Cisco Open Network Environment ONE Preserve What is Working Resilience, Scale, Security Functionality and Rich Features Instrumentation Evolve for New Requirements Operational Simplicity and

7 Cisco Open Network Environment ONE Preserve What is Working Resilience, Scale, Security Functionality and Rich Features Instrumentation Evolve for New Requirements Operational Simplicity and Automations Programmability and Network-Awareness Upcoming Innovations Open and Integrated Framework Software Defined Network concepts are a component of the Open Network Environment Existing APIs, Agents, Controllers and Infrastructure contribute Network Programming onepk developer.cisco.com, CDN, Training, Certification, Partners, EEM, EASy Open Network Environment (Software) Architectures and Patterns Controllers (ONE/Openflow PoC) (SBC, WLC, +++) CIN, CloudConnect, Sentinels, Agents Open Network Environment Scenarios and Motivations Deployment and Virtualization Nexus 1000v CSR 1000v VSG and vfw/asa, vwaas, vnam, Cisco Openstack Ed Blade Hosting (UCS-E, ), Virtual Containers (AirVision, Cat, ISR, ASR, ) 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 7

8 Anything you can think of Evolving How We Interact With The Network Operating System Traditional Approach New Paradigm CLI Network OS SNMP HTML XML Monitoring Policy App AAA CDP Syslog Netflow Routing Protocols Interface Discovery Routing Data Plane Events C Java... Span Actions App EEM (TCL)

9 Introducing One Platform Kit - onepk Applications That YOU Create onepk Any Cisco Router or Switch Flexible development environment to: Innovate Extend Automate Customize Enhance Modify

Skills Expertise Network-centric use cases Scripts, PoCs, HA networks

10 Who Will be the Network Programmer? Applications That WHO Creates? Network Engineer Developer onepk Network, IOS Skills Scripting Skills Programming Skills Expertise Network-centric use cases Scripts, PoCs, HA networks Application-centric use cases Scalable, HA applications 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 10

12 onepk Architecture C, JAVA Program onepk API Presentation onepk API Infrastructure IOS / XE (Catalyst, ISR, ASR1K) NXOS (Nexus Platforms) IOS XR (ASR 9K, CRS) 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 12 12

onepk API Libraries Initial Service Sets Element Utilities Discovery Developer Element Capabilities Configuration Management Interface/Ports Events Location

Interfaces Management Extensions Data Path Packet/Flow Classifiers Copy/Punt/Inject Statistics Policy Interface Policy Interface Feature Policy Forwarding

13 onepk API Libraries Initial Service Sets Element Utilities Discovery Developer Element Capabilities Configuration Management Interface/Ports Events Location Information Syslog Events and Queries AAA Interface Path Trace Network Element Discovery Service Discovery Topology Discovery Debug Capabilities Tracing Interfaces Management Extensions Data Path Packet/Flow Classifiers Copy/Punt/Inject Statistics Policy Interface Policy Interface Feature Policy Forwarding Policy Flow Action Policy Routing Read RIB Routes Add/Delete Application Routes RIB Events (Route up/down) 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 13

14 Blade Where Do onepk Applications Run? Choose the Hosting Model that Suits Your Platform and Your Application App On An External Server Plentiful memory/compute Higher latency and delay Supported on by all platforms App On A Hardware Blade Dedicated memory/compute Low latency and delay Requires modular hardware blade App On the Router Shared memory/compute Very low latency and delay Requires modular software architecture 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 14 14

15 Yes, it is secure App Security Digital Signing Certification Process Code Isolation Strong Typing Code Security Admin Security CLI Control Resource Allocation Access Control (ACL) AAA (PKI) Encryption (TLS) Runtime Security Container Security Isolation Resource Consumption Trusted/Untrusted Containers 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 15 15

17 onepk APIs are Grouped in Service Sets Base Service Set Data Path Policy Routing Element Discovery Utility Developer Description Provides packet delivery service to application: Copy, Punt, Inject Provides filtering (ACL), classification (Class-maps, Policy-maps), actions (Marking, Policing, Queuing, Copy, Punt) and applying policies to interfaces on network elements Read RIB routes, add/remove routes, receive RIB notifications Get element properties, CPU/memory statistics, network interfaces, element and interface events L2 topology and local service discovery Syslog events notification, Path tracing capabilities (ingress/egress and interface stats, next-hop info, etc.) Debug capability, CLI extension which allows application to extend/integrate application s CLIs with network element

18 Element Getting Properties and Statistics System Interfaces Discovery CPU, Memory, Platform, Serial #, Versions, Uptime, Routing Location, OIR, CLI Changes Port, Slot, BW, MTU, TX/RX, BPS, PPS, Errors, Other Stats, QoS Config, Link Changes CDP, Security Topology Graph, Edges, Nodes, Topology Changes Application 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 18

MTU, Clear Stats, Shut/No Shut Filters Application 2012 Cisco

19 Element Setting Properties and Statistics Key Area for Future Enhancements System Interfaces Discovery Location IP address, MTU, Clear Stats, Shut/No Shut Filters Application 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 19

20 Example: Getting System Properties char *str = NULL; onep_element_connect(elema, user, pwd, NULL, &sh); onep_element_get_property(elema, &property); if (property) { onep_element_to_string(elema, &str); if (str) { fprintf(stderr, "\nelement Info: %s\n", str); free(str); } } 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 20

Example: Getting System Properties 2012 Cisco and/or

22 Example: Simplified Management Problem: Misconfigurations cause network outages, degrade performance, impact SLAs. Value proposition: Get, set, and detect configuration changes via cross-platform API 1. Network begins with mismatched parameters on either side of link (e.g. MTU) 2 NX3K 1 MTU 1500 MTU Application checks parameters on either side and identifies mismatches (red lines) 3 CRS 3. Application sets parameters to match (lines turn green) 4. Application registers for events related to parameters change. 4 9K MTU 1518 MTU Users logs into console and manually changes parameter. Topology indicates change. 5 1K MTU 1600 MTU 1500 MTU 1500 ISR MTU Cisco and/or its affiliates. All rights reserved. Cisco Connect 22

24 Policy Getting Policies and Routes Routing QoS Security RIB, Next-Hop, metric, AD, scope (VRF), Changes Configured Classes Configured ACLs Application 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 25

Mark, Shape, Queue) ACLs Application 2012 Cisco

25 Policy Setting Policies and Routes Routing QoS Security Static routes Service-Policies (Police, Mark, Shape, Queue) ACLs Application 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 26

27 onepk Example: Custom Routing Data Center Traffic Forwarding Based on a Custom Algorithm 1 Destination ISR Pricing Route A Route B $1 $2 $1 $2 2 App Route A Route B $3 $3 3 Unique Data Forwarding Algorithm Highly Optimized for the Network Operator s Application 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 28

33 Punting and Injecting Packets (C) TRY(rc, onep_dpss_register_for_packets( ne1, dpss, targ_left, interesting_class, ONEP_DPSS_ACTION_PUNT, encrypt_callback, (void *)intf_left, &reg_handle), "Register for packets"); Where traffic goes next Defines traffic of interest Action to take on interesting traffic 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 34

34 Example: Custom Encryption Problem: Customers want custom encryption on specific traffic types Value proposition: Punt traffic of interest, encrypt, and re-inject. 1. Policy APIs on ingress router are set to punt telnet and syslog to app 2. App encrypts punted traffic and re-injects into data path. 3. Policy APIs on egress router punt telnet and syslog to app 4. App decrypts punted traffic and re-injects into data path. 5. Traffic that does not match policy passes through unencrypted. telnet http 5 http telnet encrypt http 1 encrypt 2 Unsecure Network 3 encrypt telnet onepk application onepk application Cisco and/or its affiliates. All rights reserved. Cisco Connect 35

36 Emergency Response Network pramacom COMMUNICATION & OPTICS Problem: How to deliver secure, trusted, robust, cost-effective broadband connectivity to mobile emergency response units? Solution: Use Network Programming based on Cisco onepk and Cisco IOS Embedded Event Manager to integrate low-cost, high-bandwidth options with accredited legacy radio connectivity: 1. Connect high-bandwidth forward clients via WiFi 4 K a Band 2. Use Cisco IOS EEM for onboard system integration and adaptation WiFi 1 2 EEM Cisco 819 PMR Radio 3 Cisco 29xx 3. Use Cisco onepk to redirect IKE key exchange out-of-band via PMR network 4. Secure IPSec tunnel via cost-effective high bandwidth K a Band 5. Reliable, secure emergency response network saving ~4M operating cost annually

38 Další náměty k nasazení OnePK Backup interface manipulation Dynamically apply policy as needed Firewall Applications / content filtering Load Balancers Packet and flow monitors Traffic capture and injection Quality of experience troubleshooting Web management application with REST interface Management over XMPP 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 39

40 Summary: Portfolio of API, Languages and Abstractions Network Programming with onepk and Embedded Network Automation Native Network OS Embedded Automation Advanced Network OS Embedded Scripting Structured API Object Oriented API Higher-Level Abstractions / Interfaces Event-/Expression- MIB, PfR, IPSLA Thresholds, Embedded Event Manager Applets, Tcl, Python, Embedded Event Manager, EASy, onepk C onepk Java onepk Libraries REST, XMPP, Design Patterns, OMNI Controllers, Network Automation Embedded Automations Choice and Flexibility of Implementation 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 41

41 Conclusion: Why onepk? BUILD, AUTOMATE, IMPROVE SPEED & FASTER ADAPTABILITY EXTEND REVENUE & COST SAVINGS SIMPLICITY, INTEGRATION & THE POWER OF CHOICE 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 42

Programmability of Cisco DC Infrastructure

Dubrovnik, Croatia, South East Europe 20-22 May, 2013 Programmability of Cisco DC Infrastructure Ulrich Hamm Sascha Merg 2011 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Agenda