Enterprise SDN - APIC Enterprise Module Adam Radford Distinguished Systems Engineer #clmel
Agenda Introduction APIC-EM NB API Scale out Interaction with Prime Infrastructure Conclusion
Introduction
Maturity Model (figure): Level 0, Level 1, Level 2, Level 3
Cisco ACI Common Policy Model (figure): Application Profile, User Access; APIC-EM
Cisco APIC Enterprise Module Architecture
Cisco and third-party applications (Security, QoS, ZTD, Path Selection) sit on the REST API.
Cisco APIC Enterprise Module: exposes network intelligence for business innovation; Network Info Database, Policy Infrastructure, API Automation; abstracts network devices to mask complexity and treats the network as a system.
Southbound (CLI, Netconf, etc.) to the network devices: Catalyst, ASR, ISR.
Policy Engine
Business Intent -> Intent Policies (high level constructs) -> Translation -> Network Control Functions (QoS configuration, ACL)
Translation of high level constructs to network control functions reduces skills gaps and clarifies policy procedures.
An Example
Intent Policies (UI): BradWebAllow, "Brad Web allow"
High Level Constructs (Policy Manager): Business Policy -> Network Policy translation
Policy Programmer: Network Policy -> Network Commands
Network Control Functions (Scanner-Service): Network Commands -> device configuration (QoS configuration, ACL)
Evolution to a Campus/WAN Policy Model (chart, configuration against time: today mostly traditional configuration, shifting over time toward policy-based configuration as with ACI)
Reality of Adoption (chart, configuration against time: policy-based and traditional configuration coexist; read-only apps earn trust first)
APIC-EM
APIC-EM: Services Layered View (figure)
Layers, top to bottom: APIC-EM Apps; APIC-EM Services behind the NB REST API (Network Model, Device Model, Device Interface); Network.
Apps shown: Easy QoS, Path Visualiser, Application Visualiser, Inventory Visualiser, Network Tapping Visualiser, Topology Visualiser, ACL Visualiser, PnP, IWAN Services.
Services shown: Discovery, Business Intent to Network Intent Conversion, Policy Programmer (QoS, ACL), Inventory, Policy Analysis, Policy Manager, Network Tapping, Network Discovery, Topology, Conflict Detection and Resolution (BI and NI), Application Visibility, Network Events, Compliance Check, Pxgrid client + LDAP client, PfR, Network Programmer, IWAN Services, Network PnP, Radius Proxy + LDAP client, and basic services for controller availability.
Controller Home Page
Topology
Path Trace Application: given a 5-tuple, shows the exact path through the network, derived from
- Netflow
- CEF
- traceroute, where the path is otherwise unknown
MapCollab Server Use Case: Path Visualisation via Collaboration App (figure: CUCM cluster, MapCollab server, MapCollab clients with SIP registration and SIP messages, APIC)
1. MapCollab app obtains the 5-tuple information on active calls from the CUCM cluster (WWW & REST API)
2. MapCollab app sends the 5-tuple to APIC
3. APIC returns the path
4. User sees the path (UI)
Path Trace CAPWAP Tunnels
Cisco Intelligent WAN (IWAN) App for the APIC-EM
- Enables IT automation through centrally managed policies
- Simplified workflows: use case driven, with step-by-step provisioning
- Zero touch provisioning: plug & play for remote devices without user intervention
- Business-level policies: application rules drive network actions and abstract the underlying policy configurations
- Open architecture: northbound API
- Network and application monitoring: status, alerting of network issues
Cisco Intelligent WAN App for APIC-EM (figure): business policy (App SLA) dictates network action across APP, DMVPN, SLA, QoS, Security and Path Selection; the IT admin accesses it through an Application Network Profile. SDN elements: simple workflow templates, zero touch provisioning, network and applications monitoring, business level policies, open architecture.
Site topology choices in IWAN app
Link type selection in IWAN app
Application priority policy setting in IWAN app
Network Plug-N-Play: Simple, Secure, Scalable
Today's process: the reseller/partner ships equipment to a central staging facility; the network admin installs the OS and base config; an installer installs at Site-1, Site-2, Site-3.
Network PnP: 1. the network admin pre-provisions projects/sites; 2. an unskilled installer installs and powers on the devices at the site(s); 3. the network admin monitors the device installation.
GUI based; consistent for devices and PIN (Campus/Branch); secure; zero-touch RMA; greenfield and brownfield.
NB API
Three Classes of Use Case: NetOps, Net Integration, Net Innovation. Cultural change: from "TEST and VERIFY" to "TRUST", and from "HOW" to "WHAT".
RESTful Services Exposed
API: VERBS + NOUNS + SYNTAX
Verbs: GET, POST, PUT, DELETE
Nouns: /host, /link, /network-device, /interface
Syntax (JSON body):
    {
      "policyowner": "Admin",
      "networkuser": {
        "useridentifiers": ["40.0.0.15"],
        "applications": [{"raw": "12340;UDP"}]
      }
    }
Header: Content-Type: application/json
Example: GET/POST https://test-apic/api/v0/policy
General Structure
GET: /noun/count, /noun/{id}, /noun?offset=1&limit=500, /noun/1/500
POST, PUT, DELETE: now asynchronous. Each returns a 202 status code and a taskid; GET /api/v0/task/{taskid} to find out the result.
Swagger
Try it out!!!
Postman URI (Noun) Verb Syntax Response Code Body
API Structure (figure): 1. /file-service/file/config and /file-service/file/image; 2. /ztd-site/device; 3. /ztd-device
Create a Rule
POST https://adam-ztd:443/api/v0/ztd-site/device
    {
      "hostname": "test-switch6",
      "site": "Sydney",
      "platformid": "WS-C2960X-48FPD-L"
    }
IMPORTANT: "site" is the site name, not a UUID.
These are the only three mandatory attributes. The default "status" is PENDING. "serialnumber", "configid" and "imageid" are often used as well.
User Interface
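Putting the "General Structure" and "Create a Rule" slides together, the following is an added example client (not from the presentation or from Cisco) that pages through a collection with /count and offset/limit, submits the ZTD rule with POST, and polls /api/v0/task/{taskid} until the task ends. The "response" envelope, the task fields taskId/endTime/isError, and the 1-based offset are assumptions about the v0 API; FakeController is a constructed offline stand-in so the example runs without a controller. Two practitioner points are built in: certificate verification stays enabled on the real transport, and task polling has a hard deadline so a stuck task cannot hang an automation job.

```python
"""Added example (not from the slides): client for the APIC-EM v0 NB API pattern above.
Envelope key "response", task fields and the 1-based offset are assumptions."""
import json
import ssl
import time
import urllib.error
import urllib.request

def https_transport(method, url, body):
    """Real HTTPS transport: (method, url, dict|None) -> (status, dict). Certificate
    verification stays on; trust a lab controller by adding its CA, not by disabling it."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, context=ssl.create_default_context(), timeout=30) as r:
            return r.status, json.loads(r.read() or b"{}")
    except urllib.error.HTTPError as e:
        return e.code, json.loads(e.read() or b"{}")

class ApicEmV0:
    def __init__(self, base_url, transport=https_transport, poll_interval=2.0,
                 poll_timeout=300.0, sleep=time.sleep, clock=time.monotonic):
        self.base = base_url.rstrip("/") + "/api/v0/"
        self.send, self.sleep, self.clock = transport, sleep, clock
        self.poll_interval, self.poll_timeout = poll_interval, poll_timeout

    def _call(self, method, path, body=None, expect=200):
        status, resp = self.send(method, self.base + path, body)
        if status != expect:
            raise RuntimeError(f"{method} {path}: expected HTTP {expect}, got {status}: {resp}")
        return resp["response"]

    def get_all(self, noun, page_size=500):
        """Walk a collection page by page; offset is 1-based as on the slide (offset=1&limit=500)."""
        total, offset, items = int(self._call("GET", f"{noun}/count")), 1, []
        while offset <= total:
            page = self._call("GET", f"{noun}?offset={offset}&limit={page_size}")
            if not page:
                break  # fewer items than /count advertised: stop rather than loop forever
            items.extend(page)
            offset += len(page)
        return items

    def submit(self, method, noun, body):
        """POST/PUT/DELETE are asynchronous: the controller answers 202 plus a task id."""
        return self._call(method, noun, body, expect=202)["taskId"]

    def wait_for_task(self, task_id):
        """Poll GET task/{taskid} until the task has an endTime, under a hard deadline."""
        deadline = self.clock() + self.poll_timeout
        while True:
            task = self._call("GET", f"task/{task_id}")
            if task.get("endTime") is not None:
                if task.get("isError"):
                    raise RuntimeError(f"task {task_id} failed: {task}")
                return task
            if self.clock() > deadline:
                raise TimeoutError(f"task {task_id} still running after {self.poll_timeout}s")
            self.sleep(self.poll_interval)

def create_ztd_rule(client, hostname, site, platformid, **optional):
    """POST /api/v0/ztd-site/device as on the "Create a Rule" slide: hostname, site (by name,
    not UUID) and platformid are mandatory; serialnumber/configid/imageid may be added."""
    if not hostname or any(c.isspace() for c in hostname):
        raise ValueError("hostname must be a single non-empty token")
    rule = {"hostname": hostname, "site": site, "platformid": platformid, **optional}
    return client.wait_for_task(client.submit("POST", "ztd-site/device", rule))

class FakeController:
    """Constructed stand-in so the example runs offline; it is not APIC-EM."""
    def __init__(self, devices):
        self.devices, self.tasks, self.rules = list(devices), {}, []

    def __call__(self, method, url, body):
        path = url.split("/api/v0/", 1)[1]
        if method == "GET" and path == "network-device/count":
            return 200, {"response": len(self.devices)}
        if method == "GET" and path.startswith("network-device?"):
            q = dict(kv.split("=") for kv in path.split("?", 1)[1].split("&"))
            start = int(q["offset"]) - 1
            return 200, {"response": self.devices[start:start + int(q["limit"])]}
        if method == "POST" and path == "ztd-site/device":
            tid = f"task-{len(self.tasks) + 1}"
            self.tasks[tid] = {"polls_left": 2, "rule": body}  # completes on the third poll
            return 202, {"response": {"taskId": tid}}
        if method == "GET" and path.startswith("task/"):
            t = self.tasks[path[len("task/"):]]
            if t["polls_left"]:
                t["polls_left"] -= 1
                return 200, {"response": {"progress": "running"}}
            self.rules.append(t["rule"])
            return 200, {"response": {"endTime": 1, "isError": False, "progress": "done"}}
        return 404, {"response": "no such noun"}

if __name__ == "__main__":  # offline demo against the constructed fake
    api = ApicEmV0("https://adam-ztd", transport=FakeController([{"id": i} for i in range(7)]), sleep=lambda s: None)
    print(len(api.get_all("network-device", page_size=3)), create_ztd_rule(api, "test-switch6", "Sydney", "WS-C2960X-48FPD-L"))
```

Against a real controller, replace FakeController with the default https_transport and the controller's base URL; the sleep and clock parameters exist only so polling can be driven deterministically in tests.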
More on API developer.cisco.com
Scale Out
Grapevine Console: service start/stop
Architecture: a physical host runs a Root VM (manages client spin-up, operation and update of services, and the service catalog) and Client VM(s) (controlled by the root VM; where the services run).
Stateless Services: shutdown/resume from the grapevine console
    $ ./bin/harvest_all_clients
    Harvesting client b2c1f0f0-b616-4606-a5ea-60d0a4edc33c...
    Harvesting client 6a699442-201e-4d4f-a558-dc1125010bdb...
    Harvesting client 76dca644-be38-43ea-bb37-c24e595f38bd...
    Harvesting client 4c230bed-bd2f-4582-90e2-36e3bd5961e7...
    Task 'b75745a2-ba72-11e4-a41d-005056b1beb8' completed successfully
    $ ./bin/grow_all_services
    Growing reverse-proxy latest...
    Growing router latest...
    Growing telemetry-service latest...
    Growing postgres latest...
    Growing cas-service latest...
    Growing data-access-service latest...
    Growing rbac-service latest...
    Growing task-service latest...
    Growing data-uploader latest...
    Growing file-service latest...
    Growing identity-manager-pxgrid-service latest...
    Growing inventory-manager-service latest...
    Growing network-discovery-service latest...
    Growing network-poller-service latest...
    Growing policy-analysis-service latest...
    Growing port-stats-service latest...
    Growing topology-service latest...
    Growing ui latest...
    Task 'd182b83a-ba72-11e4-a41d-005056b1beb8' completed successfully
Service Upgrades (1): Cisco deploys the new version of a service to the Cloud Store, and the service catalogs on the physical hosts are updated with the new version.
Service Upgrades (2): Grapevine automatically deploys the new version of the service to the physical hosts.
Interaction with Prime Infrastructure
What About Network Management?
Traditional management: customer-developed provisioning tools, manual CLI changes, and run book automation for IT Operations support; feature configuration management (NMS) over the NEs.
SDN-led management: customer input on business/service intent; automation (workflow/orchestration); policy automation; management (provisioning and assurance); controller (APIC-EM) over the NEs.
Systemic View of Management / Control Roles
- Automation/orchestration: orchestrates sequential changes and enables IT process execution
- Management: stores, processes and visualises all historical data for monitoring and network change
- Controller: owns the communication to/from the network infra and drives programmability
Key Milestones to SDN Led Management Evolution in 2015
Q1 2015: APIC-EM CA with the Path Visualisation application for network path tracing; Prime Infra 2.2 FCS (Dec 2014) with cross-domain monitoring across WAN, Access, DC; APIC-EM Apps: IWAN app EFT with policy based provisioning of Secure WAN.
Mid-2015: APIC-EM GA, a scalable controller foundation supporting multiple use cases/apps; Prime Infra Niihau, integration with APIC-EM for core network service automation; APIC-EM Apps: IWAN App GA with dynamic QoS changes, BSA app EFT.
Q4 2015: APIC-EM updates with expanded application support across multiple enterprise use cases; Prime Infra Lanai, integration with APIC-EM and Automation as System of Record; APIC-EM Apps: multiple apps across Wireless, Access, Collab, Security and Automation.
Cisco Controller and Management System Portfolio for the Campus/Branch in 12-24 Months (figure)
- Common Automation Layer (System of Automation): Branch Service Automation
- Common Monitoring / Assurance (System of Record): Prime Infrastructure, feature-configurable provisioning
- Common Controller Layer for Campus/Branch (System of Change): APIC-EM with multiple APIC-EM apps, policy-prescriptive provisioning
- Network elements (NEs) below
Summary
Q & A
Complete Your Online Session Evaluation
Give us your feedback and receive a Cisco Live 2015 T-Shirt: complete your Overall Event Survey and 5 Session Evaluations, directly from your mobile device on the Cisco Live Mobile App, by visiting the Cisco Live Mobile Site http://showcase.genie-connect.com/clmelbourne2015, or at any Cisco Live Internet Station located throughout the venue. T-Shirts can be collected in the World of Solutions on Friday 20 March, 12:00pm - 2:00pm.
Learn online with Cisco Live: visit www.ciscoliveapac.com after the conference for full access to session videos and presentations.
Thank you.