Two incredible engineers: Shane Corban from Cisco and Carl Caum from Puppet Labs came together to be our guest experts for this workshop. See the demos in the replay at bit.ly/1lJQm3A

1. TECHNOLOGY YOU CAN USE, FROM GEEKS YOU CAN TRUST!
Robb Boyd @robbboyd techwisetv.com

2. TechWiseTV Workshop -Accelerate
Your IT Tasks with Open NX-OS
Shane Corban Product Manager Cisco
Carl Caum Technical Marketing Puppet
December 10th 2015

3. • Open NX-OS Introduction & Level Set
• Open NX-OS Linux Architecture & Capabilities
• Open NX-OS Devops Tool Integration
• Open NX-OS Programmability Options
Agenda

4. What problem are we trying to solve?
“I can spin up servers in minutes with my Configuration Management
Tool workflows, why does it take orders of magnitude more to spin
up and affect change on my Network Elements?”
IT Organizations adopting DevOps processes and tools deploy 30x
more frequently with 200x shorter lead times; they have 60x fewer
failures and recover 168x faster.

5. Services
CMT
NetworkApplications
CMT
Compute
CMTApplication
Requirements
Configuration Management
Tool (CM Tools)/ Open API’s
Data Center Automation and IT Collaboration
Today: Serialized Configuration and Management
SUCCESSFUL
DEPLOYMENT
Slow Manual
Error Prone – Bottle Neck!

6. POAP
BootStrap
and
Provisioning
PXE
NX-API
CLI
Programmability
Tools
Package and
Application
Management
Native Agent
SDK
Extensibility Server
Management
Tools
Standard
Open
Interfaces
Ease of
Operations
Modular Open 3rd Party Apps Programmable
Ready for
DevOps
Cisco NX-OS – Programmable – Extensible – Open
NX-API
REST

7. • Open NX-OS Introduction & Level Set
• Open NX-OS Linux Architecture & Capabilities
• Open NX-OS Devops Tool Integration
• Open NX-OS Programmability Options
Agenda

8. Off the shelf Applications without modifications
Leverage ability to install third party packages
in Secure Guestshell or natively in NX-OS kernel
• Install all third party applications
(Puppet/Chef, Splunk/Nagios/Ganglia) as RPMs
Daemon managed via standard
Linux interfaces
Built-in support for YUM package
manager
Patching and upgrade using standard
rpm/yum workflows
• NX-OS processes(BGP) can be
upgraded/patched via “yum update”
Open NX-OS Linux Based Architecture
C app with
standard Linux
constructs
Open Embedded
64 bit Build
Environment
RPM
Upload
Linux Daemon
Linux Kernel
Raw Socket
Netdevs
Libpcap
init.d
Monitoring
server
ASIC
Target Switch
Package as RPM
Build Server
Cisco/Local
Repository
RPM Local
Repository

9. Kernel (cgroup, LSM)
NX-OS root file system
Native
Linux
Processes
Native
Linux
Processes
Bash Bash
Native
Linux
Processes
Native
Linux
Processes
Native
Linux
Processes
Guest root file system
Pkg-1.rpm Pkg-2.rpm
Pkg-2.rpm Pkg-3.rpm
Ns=globalNs=global Ns=guestshell Ns=guestshell Ns=guestshellNs=global Ns=guestshell
Native Shell, RPM +
Containers
• Secure common distribution CentOS7 environment in which customer may install their own custom
applications
• Use “guestshell resize” command to restrict CPU/memory/rootfs resources available to Guest
Shell
Open NX-OS: Third Party Application Integration
Secure Guest Shell
Pkg-4.rpm

10. • Open NX-OS Introduction & Level Set
• Open NX-OS Linux Architecture & Capabilities
• Open NX-OS Devops Tool Integration
• Open NX-OS Programmability Options
Agenda

11. https://opennxos.cisco.com
Built on Flexible and Modular Linux
Shipped
Q3CY15
Reduce OPEX and Enable Rapid Application Deployment using DevOps Model
OPEN
NXOS
KEY BENEFITS
Reduced maintenance windows, higher availability
enabled by non-disruptive RPM-based live patching and
process restart
Choice of DevOps automation and monitoring tools,
enabling rapid application deployment and enhanced
visibility
Integrate natively and securely using common DevOps
configuration management tools – Chef/Puppet/Ansible
Enable greater network visibility using industry standard
analytics tools – Splunk/Ganglia/Nagios
Flexibility to integrate off-the-shelf and custom
applications using the Linux SDK

12. Automating Device Operational Lifecycle
Day 0
Install
Day 1
Configure
& Operate
Day 2
Optimize
Day N
Upgrade
GOAL:
Get a device/s into an
operational state?
CHALLENGE:
“I can bring up a server in
5 minutes, but a switch takes
2 days…”
GOAL:
Get the network into an
operational state?
CHALLENGE:
Automation of configuration
for servers and applications
is relatively easy how can my
network be as easy?
GOAL:
Continuously upgrade
features within my network,
incrementally and safely?
CHALLENGE:
I can dynamically patch Linux
with automated tools; why
can’t I do the same with my
network devices?
GOAL:
Add dynamic services, optimize
behavior and trouble shooting?
(Includes information from
applications and the network
correlated).
CHALLENGE:
My compute and application
platforms are open and
extensible why is my network
not?
Ignite &
POAP/PXE
Ansible,
Puppet and Chef
NX-API REST
Ansible
Puppet and Chef
and
Guestshell
Modular NxOS
Patachablity,
ISSU
Puppet/Chef/Ansible
NX-API REST ensure
model compliance
Guestshell,
Splunk/Nagios

13. https://github.com/datacenter/ignite
Enabling Day Zero Provisioning with Open Source Tools
PXE/iPXE
Automate day zero provisioning with open source,
standards-based tools
Provides GUI for topology and configuration
design packaged as an OVA, support for KVM or
VMware
Acts as an image and configuration template store
for POAP
Use python script extensions for third party
application installation and post boot
customizations
Operational Choice: Supported across Nexus 3K
& 9K, bootstrap NX-OS using existing compute
PXE/iPXE servers for switching infrastructure
Shipped
Q3CY15
Simplify Operations, Eliminate Provisioning Errors, Reduce Cost with
OPEN
NXOS

14. Puppet/Chef Master Server
Native Linux Service
/etc/init.d/puppet.d & chef.d
NX-OS
Cisco Puppet/Chef Agent
NX-APICisco Puppet/Chef
Module(Incl Utility
GEMs)
Linux Software
Repository
Server
Yum/RPM install
puppet/chef.rpm
• Support for Puppet, Chef and Ansible
• Cisco Puppet Agent RPM/software package posted
to Puppet forge and Open Sourced to Github
• Install Cisco Puppet Module on Puppet Master
• Yum install Puppet Agent rpm on switches
• Switch Agent periodically will poll Puppet/Chef
Master for updated catalog/cookbooks and attempt
to converge switch to desired state
CM Agent Based Tool Architecture –
Chef/Puppet

15. Type/Provider Roadmap:
VXLAN EVPN – Q1CY16
Virtual Port Channel – Q2CY16
Segment Routing – Q3CY16
Open NX-OS Puppet/Chef
Cisco Chef & Puppet Agent Types/Provider Support
Chef/Puppet Agent Types/Providers
cisco_vtp
cisco_tacacs_server
cisco_tacacs_server_host
cisco_snmp_server
cisco_snmp_community
cisco_snmp_group
cisco_ospf
cisco_ospf_vrf
cisco_vlan
cisco_bgp
cisco_bgp_vrf
cisco_interface
cisco_interface_ospf
cisco_interface_vlan
• Agents RPM installed natively on switch, using agent RPM or
within isolated guestshell environment
• Supported Agent Types/Providers for Camden
• Cisco Network Element Chef/Puppet module code published on
Git and Forge/Supermarket
• Agent is extensible beyond what we support by default by
using the utility classes OR:
• Agent is also extensible by embedding CLI using
cisco_command_config resource construct

16. Puppet Enterprise Overview
Automate for Speed & Reliability
Carl Caum
Technical Marketing Manager at Puppet Labs

17. Reduce The Timeline

18. • Deliver value to business
faster, more reliably
• Meet compliance & audit
requirements
• Adopt & mature DevOps
practices & supporting
technologies
• Adopt new technology while
supporting & sun-setting old
• Too much fire fighting
• Scripting & manual
processes aren’t cutting it
• Provisioning systems & apps
is manual, costly
• Unexpected configuration
changes
• Difficult to keep up with
demands from the business
Common Challenges. Critical Initiatives.

19. Our software
automates the provisioning,
configuration &
ongoing management
of your network & the applications,
services & software running on them.

20. Automation Best Practices
Model & Enforce Your Desired State
Model desired state Continually enforce Audit & report

21. Automation Best Practices
Across The Lifecycle
Provisioning DecommissioningInitial configuration Orchestration

22. Where To Start
Infrastructure as Code
Version
Control
Configuration
Management
Peer Review
Collaboration IterationFast Feedback Visibility
Continuous
Delivery
Automated
Testing &
Deployments

23. How we help:
• Apply DevOps practices to networking
• Manage the network just like compute
• Unify change insight & management for all
infrastructure at all levels of the application stack
A Unified Platform for Your Infrastructure
Network
Compute

24. • Use Case 1.1: Automatically deploying
configuration based on roles
• Use Case 1.2: Understanding change as it occurs
on the network
Demo 1 – Automating Open NX-OS with Puppet

25. • All CM tools enforce model compliance and eliminate
configuration drift
• All CM tools provide audit logging of change
• All CM tools support concept of no-op runs
Configuration Managements Tools
Agent v/s Agent-less Architecture
• Agent based CM are “pull based”
• Agent on managed device connects
with master for config information
periodically
• Changes made on master are pulled
down and executed
• Operations are Idempotent
• Puppet and Chef are agent based
• Agent-less CM are “push based”
• CM scripts are run on the master
• Scripts connect to the managed
device and execute the tasks
• No timer, control lies with the master
• Operations are Idempotent
• Ansible is agent-less

26. Ansible Enterprise
Automation
Simple. Agentless. Powerful.
Control. Security. Delegation.
/Uses OpenSSH & NX-
API
/No extra code to manage
/Ready for cloud-scale
/Uses YAML for playbooks
/No special coding skills
needed
/Fast learning curve
/Tasks in playbooks executed
in order
/App deployment
/Orchestration
/Configuration
management
/Eliminates Config Drift
/Role-Based Access Control
/Delegation of
credentials/keys
/Audit trail for automation
/Centralized job runs
/Job scheduling
/Automation dashboard
/Push-button job execution
/Portal mode for delegation
/REST API for integration
Ansible
Open Source
Ansible
Tower
Ansible 2.0 Release with
Tower in Q1CY16
includes complete
support for Nexus
platforms

27. Configuration Management
Continuous Development
/Source Control
CI Test Simulation
Environment
Continuous Integration/Build
The Platform
DevOps: Tooling Categories

28. Open NX-OS Virtual Nexus 9000
• Use with Beaker/KitchenCI for
ongoing application integration testing
• Test more often and catch errors early
and often prior to live deployment
• Integrated support for Vmware
Fusion, ESX 5.1/5.5 and
KVM(QCOW2), VMDK(Virtual Box)
• Available under controlled availability
– email get-n9kv@cisco.com with
CCO ids for access
• Targeting Public Release CY16 of
v9K, with ViRL integration
• Feature Parity 7.0(3)I2(2)
v9k Test Fabric
CI Tools

29. • Use Case 2.1: Provisioning new tenant workloads
for the network takes an exhorbitant amount of
time manually, use Ansible and Open NX-OS to
reduce this from days to mins
Demo 2 – Open NX-OS Ansible Demo

30. • Open NX-OS Introduction & Level Set
• Open NX-OS Linux Architecture & Capabilities
• Open NX-OS Devops Tool Integration
• Open NX-OS Programmability Options
Agenda

31. https://opennxos.cisco.com
Customized Automation with NX-API REST
Shipped
Q3CY15
Shorten Network Deployment Times, Reduce Human Error, Build Flexible, Responsive
Automation Architecture
OPEN
NXOS
KEY BENEFITS
Model Based – Provides a scalable, object model based
architecture for custom automation tool development
Secure - Access to all network objects is authenticated,
encrypted and authorized with AAA (Tacacs+, Radius)
Change Based Notifications - NX-API REST
applications can subscribe to events from network
objects without redundant polling, providing:
Application performance benefits
Application processing time reduction
NX-API contains a modeled representation of critical NX-
OS features in a tree based hierarchical model
Objects are modified and queried using HTTP REST API
calls
System
Router-ID
PeersEth1/1
Eth1/2..
ARP Entries
Physical BGP
Object Store
• class
• dn: distinguished name(url)
• statistics
• Properties(xml/json)
• object prop1
• object prop2
…
MIT
ARP
Publisher
Subscribe
Any Updates –
BGP Object
Push Notification
– BGP Peer Down!

32. What are we trying to solve with NX-API REST?
Limitation with CLI Modeled Automation:
Screen Scraping:
• With NX-API REST and the object model you send objects in XML/JSON not
CLI’s to the switch, and receive objects back from the switch, removing the need
for manipulation of strings in automation tools.
Centralized Database:
• Direct access to our centralized database(object store), resulting in automation
tool performance improvements, no more need to go through CLI software layers
Sequencing:
• With NX-API REST there is less need to be aware of command sequencing when
configuring something (conf t ; router bgp ; neighbor…)
• Want to remove or update something? Re-do potentially have to redo the whole
CLI sequence with a “no” to the last command and re-configuration, so you need
to build this intelligence into your automation.

33. Referencing an Object in NX-API REST:
Distinguished Name
 Globally unique identifier for an object in the database
 For example:
 Adding a peer address to BGP default domain:
 DN: sys/bgp/inst/dom-default/peer-[192.168.0.2]
 Viewing a physical ethernet interface’s port capabilities:
 DN: sys/phys-[eth1/1]/phys/portcap
 Object Definition or naming rule will be posted to http://developer.cisco.com
System
BgpEntity BgpInstance BgpDomain BgpPeer
BgpLocalASN
BgpPeerAf
BgpPeerEntry
L1PhysIf
ethpmPhysIf ethpmPortCap
L1Load
L1StormControl

34. How do I utilize it?
• To configure or update something: push an new object
to the switch via the HTTP POST REST API call
• To check status of something: read the relevant object
using HTTP GET REST API call
• To monitor something:
• Subscribe to an object for events related to that particular object
• The switch will send you a push notification when this object
changes

35. • Use Case 3.1:Automation the provisioning of a BGP based
programmable fabric utilizing our NX-API REST object
model. Reduce time to fabric deployment from days to
mins.
Demo 3 – Open NX-OS NX-API REST Demo

36. Open-NXOS Reference Links
Software Link
Chef Agent (Supermarket)
Chef Cookbook
http://supermarket.chef.io
https://github.com/cisco/cisco-network-chef-cookbook
NX-API REST Model https://opennxos.cisco.com/public/api/nxapi-rest/
Puppet Agent (Puppetforge)
Puppet Module
http://forge.puppetlabs.com
https://github.com/cisco/cisco-network-puppet-module
Native 3rd Party Agent Repository
(Cisco Repository)
http://developer.cisco.com/opennxos
Nexus 3/9K GiT Repository (Scripting
Examples, etc)
http://github.com/datacenter/nexus9000
Ignite Open Source Toolkit
NX Toolkit
https://github.com/datacenter/ignite
https://github.com/datacenter/nxtoolkit
SDK for developing native application
RPMs
www.yocto.org

37. Question/Thoughts?
THANK YOU

38. Thank You for Attending
For TechWiseTV episodes, TechWiseTV Workshops, Fundamentals and
Networking 101’s visit http://www.Cisco.com/go/TechWiseTV.com.
https://www.facebook.com/techwise
https://twitter.com/techwisetv