
Enterprise SDN - APIC Enterprise Module

BRKRST-2641

Adam Radford

Distinguished Systems Engineer

© 2015 Cisco and/or its affiliates. All rights reserved. BRKRST-2641 Cisco Public

Agenda

• Introduction

• APIC-EM

• NB API

• Scale out

• Interaction with Prime Infrastructure

• Conclusion

Introduction

Maturity Model

[Figure: maturity model with levels labelled Level 0/10, Level 1, Level 2, Level 3]

Cisco ACI Common Policy Model

[Figure labels: APPLICATION PROFILE; USER ACCESS; APIC EM]

Cisco APIC Enterprise Module Architecture

• Abstracts Network Devices to Mask Complexity

• Treat Network as a System

• Exposes Network Intelligence For Business Innovation

[Diagram labels]

Cisco and Third Party Applications

Security, QoS, ZTD, Path Selection

REST API

Cisco APIC Enterprise Module: Network Info Database, Policy Infrastructure, Automation

CLI, Netconf, etc API

Network Devices: Catalyst, ASR, ISR

Policy Engine – Business Intent

Intent Policies: High Level Constructs

Translation

Network Control Functions: QoS, ACL, Configuration

Translation of high level constructs to network control functions reduces skills gaps and clarifies policy procedures

An Example

Intent Policies: High Level Constructs

Translation

Network Control Functions: QoS, ACL, Configuration

UI:: BradWebAllow: Brad Web allow

Policy Manager:: Business Policy -> Network Policy

Policy Programmer:: Network Policy -> Network Cmds

Scanner-Service:: Network Commands -> device

Evolution to a Campus/WAN Policy Model

[Figure: configuration approach over time; axis: Time; labels: traditional, policy, ACI, Today]

Reality of Adoption

[Figure: configuration approach over time; axis: Time; labels: traditional, policy, Today, Traditional, Read Only Apps Earn Trust]

APIC-EM


APIC-EM: Services Layered View

[Diagram labels]

Layers: NB REST API; APIC-EM Apps; APIC-EM Services; IWAN Services; Basic Services for Controller Availability; NETWORK

Services: Pxgrid Client + LDAP client; Radius Proxy + LDAP client; Inventory; Topology; Policy Analysis; PnP; Network Discovery; Network Programmer; Policy Programmer (QoS, ACL); Network Tapping; Easy QoS; Network Events; Policy Manager; Conflict Detection and Resolution (BI and NI); Business Intent to Network Intent Conversion; Application Visibility; PfR

Models: NETWORK MODEL; DEVICE MODEL; DEVICE INTERFACE

Applications: Inventory Visualiser; Topology Visualiser; Application Visualiser; Discovery; Easy QoS Visualiser; Compliance Check; ACL Visualiser; Network PnP; Network Tapping Visualiser; Policy Manager

Controller Home Page


Topology


Path Trace Application – 5 Tuple

Exact path through network

- Netflow

- CEF

- Traceroute for unknown

Use Case: Path Visualisation via Collaboration App

MapCollab App

[Diagram labels: APIC; CUCM Cluster; MapCollab Server; MapCollab Clients; SIP Registration; SIP Messages; WWW & REST API]

1. Information on active calls: 5 tuple

2. 5 Tuple

3. Path

4. User Sees Path (UI)

Path Trace – CAPWAP Tunnels


Cisco Intelligent WAN (IWAN) App for the APIC-EM

Enables IT automation through centrally managed policies

• Simplified workflows – use case driven with step-by-step provisioning

• Zero touch provisioning – plug & play for remote devices without user intervention

• Business-level policies – application rules drive network actions and abstraction of underlying policy configurations

• Open architecture – northbound API

• Network and application monitoring – status, alerting of network issues

Cisco Intelligent WAN App for APIC-EM

Business Policy Dictates Network Action

[Diagram labels: IT Admin; Business Policy: App SLA; APP SLA; DMVPN; QoS; Security; Path Selection; Access Application Network Profile; NETWORK; SDN]

• Simple Workflow Templates

• Zero Touch Provisioning

• Business Level Policies

• Open Architecture

• Network, Applications Monitoring

Site topology choices in IWAN app

Link type selection in IWAN app

Application priority policy setting in IWAN app

Network Plug-N-Play – Simple, Secure, Scalable

• Unskilled Installer

• GUI Based

• Consistent for devices & PIN (Campus/Branch)

• Secure

• Zero-touch RMA

• Greenfield & Brownfield

Today’s Process

[Diagram labels: Central Staging Facility (Install OS, Install base config); Network Admin; Installer; Reseller/Partner Ships equipment; Site-1; Site-2; Site-3]

Network PnP

1. Pre Provision Projects/Sites (Network Admin)

2. Install & Power-on devices (Installer)

3. Monitor device installation (Network Admin)

[Diagram label: Site(s)]

NB API


Three Classes of Use Case

NetOps, Net Integration, Net Innovation

"HOW" to "WHAT"

Cultural change: "TEST and VERIFY" "TRUST"


RESTful Services Exposed


API: VERBS + NOUNS + SYNTAX

Verbs: GET, POST, PUT, DELETE

JSON Syntax:

{
  "policyOwner": "Admin",
  "networkUser": {
    "userIdentifiers": ["40.0.0.15"],
    "applications": [{"raw": "12340;UDP"}]
  }
}

Header: Content-Type: Application/JSON

Nouns: https://test-apic/api/v0/policy (GET/POST), /host, /link, /network-device, /interface

General Structure

GET: /noun/count, /noun/{id}, /noun?offset=1&limit=500, /noun/1/500

POST: Now Asynchronous. Returns 202 status code and a ‘taskId’. GET /api/v0/task/{taskId} to find out result

PUT: Now Asynchronous. Returns 202 status code and a ‘taskId’. GET /api/v0/task/{taskId} to find out result

DELETE: Now Asynchronous. Returns 202 status code and a ‘taskId’. GET /api/v0/task/{taskId} to find out result

Swagger


Try it out!!!


Postman

[Screenshot callouts: Verb, URI (Noun), Response, Code, Body, Syntax]

API Structure

[Diagram with numbered callouts 1, 2, 3. Labels: /ztd-site/; /device/file-service/ with file/config and file/image; /ztd-device (callout 3)]

Create a Rule

https://adam-ztd:443/api/v0/ztd-site/device POST

{
  "hostName": "test-switch6",
  "site": "Sydney",
  "platformId": "WS-C2960X-48FPD-L"
}

IMPORTANT: Name of "site" rather than UUID

These are the only three mandatory attributes

Default "status" is PENDING

"serialNumber", "configId" and "imageId" are often used
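The asynchronous pattern from the General Structure slide (202 plus a taskId, then GET /api/v0/task/{taskId}) applied to the ztd-site device body, as an added Python example that is not Cisco's code or part of the original slides. It checks the three mandatory attributes and the name-not-UUID rule before sending, and bounds the polling loop. The send transport, the FakeController and the task fields endTime and isError are assumptions; the replies are constructed.

```python
import re
import time

MANDATORY = ("hostName", "site", "platformId")  # the three mandatory attributes
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def build_ztd_device(**attrs):
    """Validate a body for POST /api/v0/ztd-site/device before it is sent."""
    missing = [k for k in MANDATORY if not attrs.get(k)]
    if missing:
        raise ValueError("missing mandatory attributes: " + ", ".join(missing))
    if UUID_RE.match(attrs["site"]):
        raise ValueError("'site' takes the site name, not a UUID")
    return dict(attrs)

def submit_and_wait(send, verb, path, body, max_polls=10, delay=1.0, sleep=time.sleep):
    """Issue an asynchronous POST/PUT/DELETE, then poll its task a bounded number of times."""
    status, reply = send(verb, path, body)  # send() is a hypothetical transport
    if status != 202 or "taskId" not in reply:
        raise RuntimeError("expected 202 with a taskId, got %r" % status)
    task_path = "/api/v0/task/" + reply["taskId"]
    for _ in range(max_polls):
        status, task = send("GET", task_path, None)
        # Assumed task fields: "endTime" is set when finished, "isError" on failure.
        if status == 200 and task.get("endTime"):
            if task.get("isError"):
                raise RuntimeError("task failed: %r" % task)
            return task
        sleep(delay)
    raise TimeoutError("task %s did not finish" % reply["taskId"])

class FakeController:
    """Constructed stand-in for the controller: the task finishes on the third poll."""
    def __init__(self):
        self.polls, self.log = 0, []
    def send(self, verb, path, body):
        self.log.append((verb, path))
        if verb != "GET":
            return 202, {"taskId": "constructed-task-1"}
        self.polls += 1
        return 200, {"endTime": 1 if self.polls >= 3 else None, "isError": False}

def demo():
    ctl = FakeController()
    body = build_ztd_device(hostName="test-switch6", site="Sydney",
                            platformId="WS-C2960X-48FPD-L")
    task = submit_and_wait(ctl.send, "POST", "/api/v0/ztd-site/device", body,
                           sleep=lambda s: None)
    return task, ctl.log
```

Against a real controller, send would wrap an HTTPS client with certificate verification enabled and an authenticated session.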

User Interface


More on API – developer.cisco.com

Scale Out


Grapevine Console

service Start/stop

Architecture

[Diagram label: Physical Host]

Root VM: Manage client spin-up.

• Operation and update of services.

• Service catalog

Client VM(s): Controlled by root.

• Where services run

Stateless Services

$ ./bin/harvest_all_clients
Harvesting client b2c1f0f0-b616-4606-a5ea-60d0a4edc33c...
Harvesting client 6a699442-201e-4d4f-a558-dc1125010bdb...
Harvesting client 76dca644-be38-43ea-bb37-c24e595f38bd...
Harvesting client 4c230bed-bd2f-4582-90e2-36e3bd5961e7...
Task 'b75745a2-ba72-11e4-a41d-005056b1beb8' completed successfully

(grapevine)
$ ./bin/grow_all_services
Growing reverse-proxy latest...
Growing router latest...
Growing telemetry-service latest...
Growing postgres latest...
Growing cas-service latest...
Growing data-access-service latest...
Growing rbac-service latest...
Growing task-service latest...
Growing data-uploader latest...
Growing file-service latest...
Growing identity-manager-pxgrid-service latest...
Growing inventory-manager-service latest...
Growing network-discovery-service latest...
Growing network-poller-service latest...
Growing policy-analysis-service latest...
Growing port-stats-service latest...
Growing topology-service latest...
Growing ui latest...
Task 'd182b83a-ba72-11e4-a41d-005056b1beb8' completed successfully

Shutdown/resume

Service Upgrades (1)

[Diagram labels: Cloud Store; Physical Host (three)]

Cisco deploys new version of service to the cloud…

… and service catalogs are updated with new version…

Service Upgrades (2)

[Diagram labels: Physical Host (three)]

Grapevine automatically deploys the new version of the service…

Interaction with Prime Infrastructure


What About Network Management?

Traditional Management

[Diagram labels: Management (NMS); NE (four)]

Customer developed provisioning tools, manual CLI changes, and run book automation for IT Operations support

SDN Led Management

[Diagram labels: Controller (APIC-EM); Management (Provisioning and Assurance); Automation (Workflow / Orchestration); NE (four)]

Customer input on business / service intent

[Further labels: Feature Configuration; Policy Automation]

Systemic View of Management / Control Roles

Network Infra

Owns the communication to/from the network and drives programmability

Stores, processes and visualises all historical data for monitoring and network change

Orchestrates sequential changes and enables IT process execution

Key Milestones to SDN Led Management Evolution in 2015

Timeline: Q1 2015, Mid-2015, Q4 2015

APIC-EM

• APIC-EM CA: Path Visualisation application for network path tracing

• APIC-EM GA: Scalable controller foundation supporting multiple use case / apps

• APIC-EM Updates: Expanded application support across multiple enterprise use cases

Prime Infra

• Prime Infra 2.2 FCS (Dec 2014): Cross domain monitoring across WAN, Access, DC

• Prime Infra Niihau: Integration with APIC-EM for core network service automation

• Prime Infra Lanai: Integration with APIC-EM and Automation as System of Record

APIC-EM Apps

• IWAN App GA with dynamic QoS changes; BSA app EFT

• Multiple apps across Wireless, Access, Collab, Security and Automation

• IWAN app EFT with policy based provisioning of Secure WAN

Cisco Controller and Management System Portfolio for the Campus/Branch in 12-24 Months

[Diagram labels: Common Controller Layer for Campus/Branch; Policy Prescriptive Provisioning; Feature Configurable Provisioning; Common Monitoring / Assurance; Common Automation Layer; System of Automation; System of Record; System of Change; APIC-EM; Multiple APIC-EM Apps; Prime Infrastructure; Branch Service Automation; NE]

Summary

Q & A


Learn online with Cisco Live!

Visit us online after the conference for full access to session videos and presentations. www.CiscoLiveAPAC.com

Thank you.