System Engineer
René Andersen
November 2015
TechUpdate November 2015
APIC-EM and Software Defined in the Enterprise
Cisco APIC-EM
An Application Platform for Enterprise WAN and Access Networks
• Virtual (ISO VM) or appliance-based
• Provides user policy abstraction and automation
• Simplification of complex network configuration with Cisco® application best practices
• Existing and new installations (Catalyst®, ISR, ASR, WLC)
Ready-to-deploy applications (October 2015):
IWAN (with a license)
Plug-n-Play (free)
Path Trace (free)
BENEFITS:
Brownfield support
Ready-to-use-applications
Open, northbound API
APIC-EM Application Overview at GA
Public Cloud
Enterprise Network
Day 0: Plug-and-Play App
Zero touch deployment of routers / switches / APs
Accelerated roll-out: Eliminates tech visits and shrinks deployment from months to minutes
Day 1: Cisco IWAN App
Guided, fast auto-provisioning of IWAN solution with Cisco experts’ best practices
From 1000 CLI commands to 10 GUI clicks per branch
Day 2: Path Trace App
Discover path between two end points based on 5 tuple
Rapidly troubleshoot congestion and ACL issues and lower OPEX for trouble ticket processing by 98%
APIC-EM PnP Application
Use Case: Auto-Discovery and Provisioning
[Diagram labels: IT; PnP Application; Branch; Network; New Router; New Switch; Simple Workflow; Zero Touch Provisioning; SDN; Open Architecture]
BENEFITS
Zero Touch Deployment.
Shortened Deployment Time. No On-Site Expert Needed.
Increased Security. Decreased Chance of Misconfiguration.
Network Plug and Play (PnP)
1. Discovery: Device can reach PnP Server on APIC-EM
2. Deployment: Device receives target image and configuration
No Staging: No Staging Required. PnP Runs from Cisco Factory-Default Configuration
Devices: Switches (Catalyst®), Routers (ISR, ASR), Wireless Access Points
Network Plug and Play (PnP) – Components
PnP Agent
Runs on Cisco® switches, routers, and wireless access points
Automates the deployment process
PnP Server
Central Server on APIC-EM
Manages sites, devices, images, licenses, workflow
Provides Northbound REST APIs
PnP Protocol
Runs between Agent and Server
Open Schema
PnP Helper App [ Optional ]
Delivers bootstrap, status and troubleshooting checks
[Pictured adapters: Redpark RJ45 (Apple 30pin); Redpark RJ45 (Apple 8pin); GetConsole Airconsole 2.0 Bluetooth Adapter]
Cloud Redirect Service [ Optional ]
Roadmap Phase 2
PnP – Discovery Options
Devices: Switches (Catalyst®), Routers (ISR, ASR), Wireless Access Points
1. DHCP with options 60 and 43 (DHCP Server)
   PnP string: 5A1D;B2;K4;I172.19.45.222;J80
2. DNS lookup (DNS Server)
   pnpserver.localdomain ---- 172.19.45.222 (PnP Server)
3. Cloud re-direction - roadmap (Q4CY2015)
   https://devicehelper.cisco.com/device-helper re-directs to 172.19.45.22 (PnP Server)
4. USB-based bootstrapping
5. Manual - using the Cisco® Installer App
   iPhone, iPad, Android, (roadmap - Windows mobile and PC)
X. Others
   Any other manual or automated discovery method – Scripting, AN, EEM, NAP, etc.
PnP – DHCP Discovery Example
Sample DHCP Server Config:
    ip dhcp pool pnp_pool
     network 10.51.89.160 255.255.255.248
     default-router 10.51.89.254
     option 43 ascii "5A1D;B2;K4;I10.51.89.147;J80"
Resulting PnP Profile in running-config:
    pnp profile pnp-zero-touch
     transport http ipv4 10.51.89.147 port 80
Option 43 Format
5A = PnP DHCP ID
1D = PnP DHCP debug on
1o = PnP DHCP debug off
token.K = <protocol>
1: XMPP-starttls;
2: XMPP-socket;
3: XMPP-tls;
4: HTTP;
5: HTTPS
token.B = <address type> 1:host; 2:ipv4; 3:ipv6
token.I = <remote server ip add / hostname>
token.J = <remote server port>
token.P = <server jid>
token.N = user <name>
token.O = <password>
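The option 43 format above, applied as a review check on DHCP scopes (an added example, not code from the slides or from Cisco). It parses the string with the token table from this slide and reports settings a reviewer would question; the function names, the expected-server set, and treating only protocol codes 1, 3 and 5 as TLS-protected are assumptions of the example.

```python
import ipaddress

# Protocol codes as listed on the "Option 43 Format" slide (token K).
PROTOCOLS = {"1": "XMPP-starttls", "2": "XMPP-socket", "3": "XMPP-tls",
             "4": "HTTP", "5": "HTTPS"}
TLS_PROTOCOLS = {"1", "3", "5"}  # assumption: only the "tls"/HTTPS names use TLS


def parse_option43(value):
    """Split a PnP option 43 ASCII string into its header and lettered tokens."""
    header, *fields = [f for f in value.strip().split(";") if f]
    if len(header) != 4 or not header.startswith("5A"):
        raise ValueError(f"not a PnP option 43 string: {value!r}")
    tokens = {f[0]: f[1:] for f in fields}
    missing = [t for t in "BKIJ" if t not in tokens]
    if missing:
        raise ValueError(f"missing tokens: {missing}")
    return {"debug": header[2:] == "1D", **tokens}


def audit_option43(value, expected_servers):
    """Return review findings for one option 43 string (empty list = nothing to flag)."""
    opt = parse_option43(value)
    findings = []
    if opt["K"] not in PROTOCOLS:
        findings.append(f"unknown protocol code K{opt['K']}")
    elif opt["K"] not in TLS_PROTOCOLS:
        findings.append(f"transport {PROTOCOLS[opt['K']]} is not a TLS protocol")
    want = {"2": 4, "3": 6}.get(opt["B"])  # IP version implied by token B
    if want:
        try:
            ok = ipaddress.ip_address(opt["I"]).version == want
        except ValueError:
            ok = False
        if not ok:
            findings.append(f"server {opt['I']!r} does not match address type B{opt['B']}")
    if opt["I"] not in expected_servers:
        findings.append(f"server {opt['I']} is not an expected PnP server")
    if not opt["J"].isdecimal() or not 0 < int(opt["J"]) < 65536:
        findings.append(f"invalid port {opt['J']!r}")
    if "N" in opt or "O" in opt:
        findings.append("credentials carried in the DHCP option")
    if opt["debug"]:
        findings.append("PnP DHCP debug is on")
    return findings


if __name__ == "__main__":  # string from the slide; the expected-server set is constructed
    print(audit_option43("5A1D;B2;K4;I10.51.89.147;J80", {"10.51.89.147"}))
```

Run against the sample scope on this slide, the check reports the HTTP transport and the debug flag; a scope that points at a server outside the expected set is reported as well.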
PnP – Simple & Secure & Consistent
Devices: Switches (Catalyst), Routers (ISR/ASR), Wireless AP
APIC-EM PnP Dashboard
APIC-EM Bulk Import/Export
APIC-EM PnP REST API Support
[Diagram labels: Python; APIC-EM API; PnP REST API; Customer’s Existing Automation Frameworks; Automation Framework (i.e. Python scripts, configuration generator, etc); Device Repository and Database]
APIC-EM IWAN Application
Use Case: Cisco Best Practices & Knowledge for SDWAN
[Diagram labels: IT; IWAN Application; Network; DMVPN; SLA; QoS; Path Selection; Business Policy: App SLA; Simple Workflow; Zero Touch Provisioning; Business Level Policies; SDN; Open Architecture; Network, Applications Monitoring]
BENEFITS
From Weeks to Minutes
Over 1000 CLI commands reduced to 10 GUI Clicks
Note: IWAN App Release 1 targets less than 500 sites, 2 links per Branch with ISR4000.
IWAN App on APIC-EM
Policy-Driven IWAN Site Deployment including PnP and Monitoring
Three main areas:
1. Hub site and settings
2. Administration of application policy
3. Branch site setup
Step-by-Step Network and Hub Settings
Simple Policy Definition and Customization
APIC-EM Path Trace Application
Use Case: Accelerate Trouble-Ticket Processing
[Diagram labels: IT; Trouble Ticket; Path Visualization; User; Network; Simple Workflow; SDN; Open Architecture; Application Path Monitoring]
Easy visual discovery of trouble spots in communication path based on 5-Tuple
OPEX for ticket processing decreased by 98%
From 1.4 hours to 1 minute
APIC-EM Path Trace Hop-by-hop Details specific to 5-tuple Path
APIC-EM Path Trace
"response": {
  "request": {
    "sourceIP": "212.1.10.20",
    "destIP": "65.1.1.6"
  },
  "lastUpdate": "Thu Apr 23 01:23:21 UTC 2015",
  "properties": [ ],
  "networkElementsInfo": [
    {
      "id": "424621be-d2b4-4d42-ad16-92d4d5c19fa4",
      "type": "WIRED",
      "ip": "212.1.10.20",
      "linkInformationSource": "Wired"
    },
    {
      "id": "8beada2e-cd2c-421d-941f-3ba42696c489",
      "name": "CAMPUS-Access1",
      "type": "SWITCH",
      "ip": "212.1.10.1",
      "ingressInterface": {
        "physicalInterface": {
          :
Introducing APIC-EM and 3 Apps
Day 0 : Plug-and-Play App
Zero touch deployment of routers / switches / APs
Shrinks deployment from months to minutes
Day 1 : Cisco IWAN App
Guided, fast auto-provisioning of IWAN solution with Cisco experts’ best practices
From 1000s of CLI commands to a few policy deployments with a few GUI clicks per branch
Day 2 : Path Trace App
Discover path between two end points based
Lower OPEX for trouble ticket processing by 98%
3 NEW APPLICATIONS
Applications
Security Orchestration Automation Collaboration
SOUTHBOUND ABSTRACTION LAYER
CATALYST | ISR | ASR | WIRELESS
REST API
EN TECHNOLOGY DIFFERENTIATION
APIC-EM Packaging and Deployment
Built as a Linux Container
[Diagram labels: Grapevine Root; LXC Container (x2); GV Client (x2); Operating System; Server / Machine]
Standalone or Resilient Deployment
3 Nodes
• active-active-active
• Scale and HA
  - Software failure
  - HW failure of 1 node
1 or 2 Nodes
• active-active
• Scale and HA
  - Software failure only
Download or Preinstalled Appliance
Download
• .iso image including Ubuntu 14.04 64bit
• available from:
  - software.cisco.com
  - devnet.cisco.com
Cisco Appliance
• APIC-EM installed
• ready-to-go
• or SKU:
  - APIC-EM-APL-R-K9
  - APIC-EM-APL-G-K9
APIC-EM Deployment Considerations
[Diagram: two deployment stacks]
Bare Metal/HW Appliance: Server Hardware; Operating System; LXC Container (x2); Libs/Bins (x2); GV Client (x2); GV Root
Virtual Machine: Server Hardware; Hypervisor and/or Host OS; Virtual Machine; Operating System; LXC Container (x2); Libs/Bins (x2); GV Client (x2); GV Root
Before You Deploy: System Requirements
Server: 64-bit x86 (supported by Ubuntu 14.04 LTS)
vCPU: 6 (2.4 GHz) or more
RAM: 64 GB (for single-host deployments) / 32 GB (for multi-host deployments)
Storage: 500 GB HDD
− Hardware-based RAID at RAID level 10
− Disk I/O Speed: 200 MBps
Network adaptor: 1 x
Browser: Google Chrome (44.0 or later)
Hypervisor: VMware vSphere 5.1/5.5 (for Virtual Appliance)
Scale Numbers
Network Devices: 2000
Access Points: 2000
End Hosts: 20,000
Note: These scale numbers are for the APIC-EM platform and the base applications. Some other APIC-EM applications might have different scale numbers. At GA: IWAN App Release 1 targets < 500 sites, 2 links per Branch with ISR4000
Devices Supported
General Availability Release
LAN
Device Series
Catalyst 2960-X/XR Series Switches
Catalyst 2960-S Series Switches
Catalyst 2960 Series Compact Switches
Catalyst 3560 Series Compact Switches
Catalyst 3650 Series Switches
Catalyst 3850 Series Switches
Catalyst 3750-X Series Switches
Catalyst 3560-X Series Switches
Catalyst 4500 Series Switches
Catalyst 4500x Series Switches
Catalyst 4900 Series Switches
Catalyst 6500 Series Switches
Catalyst 6800 Series Switches
Cisco Nexus 5000 Series Switches
Cisco Nexus 7000 Series Switches
EtherSwitch Modules for Integrated Services Routers: SM-E22-16-P, SM-ES2-24-P, SM-D-ES2-48, SM-ES3-16-P, SM-ES3-24-P, SM-D-ES3-48-P
Industrial Ethernet 2000 Series Switches
Industrial Ethernet 3000 Series Switches
WAN
Device Series
4000 Series Integrated Services Routers
Integrated Services Routers Generation 2
ASR 1000 Series Aggregated Services Routers
ASR 9000 Series Aggregated Services Routers
Cisco Cloud Services Router 1000v
WLAN
Device Series
Wireless LAN Controllers (IOS XE & AireOS)
Common Policy Model from Branch to Data Center
Application Network Flow Profile
SLA, Security, QoS, Load Balancing
User and Things Network Profile
QoS, Security, SLA, Device, Location, Role
Cloud Data Center WAN Access
POLICY
DATA CENTER WAN AND ACCESS
CISCO® ADVANTAGE
BROWNFIELD AND GREENFIELD
END TO END
POLICY FRAMEWORK: FOCUS ON APPLICATION AND USER ENABLEMENT
You @ DevNet Developer Ecosystem
Application-aware Performance Management, Visualization, Granular Troubleshooting, Real-time analytics and Flow Visibility
Advanced Orchestration, Provisioning, Lifecycle Mgmt, and Customized Policies
UC Integration and monitoring
Defense Force for Security
Securing SDN Controller Deployments
Compliance Topology visualization across AWS and multiple controllers
Average Growth per Month
20
APIC-EM DevNet Companies
153
devnet.cisco.com
Forum | Sandbox | API Index | Documentation
Resources and Starting Points
• Demos in dCloud and DevNet Sandboxes (today still running EFT code, upgrading in the coming weeks)
• APIC-EM @ CCO: www.cisco.com/go/apicem
• APIC-EM @ DevNet: devnet.cisco.com/site/apic-em
Cisco YouTube
https://www.youtube.com/watch?v=mUY5Er-fjOs