TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches
•Download as PPTX, PDF•
2 likes•1,268 views
Watch the REPLAY right now: http://bit.ly/2YoLbt3 Enterprise networks are now dealing with massive volumes of data, with a critical need to collect and analyze this data to respond faster and deliver insightful context. Traditional approaches, in which data is processed in remote servers, will no longer work. Data can burden the network unless some context is known. Edge computing can greatly reduce the data sent to the cloud or a remote server. Collecting and analyzing the data at the edge and making decisions locally rather than in centralized servers significantly reduces the latency and bandwidth of the network. Powered by an x86 CPU, the application hosting solution on the Cisco Catalyst 9000 switching family provides the intelligence required at the edge. Native Docker engine support on the switches will enable users to build and bring their own applications without additional packaging. Cisco DNA Center will provide consistent workflows to manage the entire application lifecycle across multiple Cisco Catalyst 9000 switches through the App Hosting dashboard. Resources: Watch the related TechWiseTV episode: http://cs.co/9001EIbih TechWiseTV: http://cs.co/9009DzrjN
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches
Similar to TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches (20)
More from Robb Boyd
More from Robb Boyd (20)
Recently uploaded
Recently uploaded (20)
TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches
- 1. Surya Raju, Product Manager, Enterprise Switching Sai Zeya, Technical Marketing Engineer 26 JULY 2019 Enabling Intelligence at the Edge Application Hosting on Cisco Catalyst 9000 Switches
- 2. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential A new era in intent-based networking Cisco Catalyst 9000 switches with Cisco IOS XE Networking at the speed of software UADP x86 Licensing Secure Programmable Tens of thousands of customers and growing! “Catalyst 9000 continues to be the fastest ramping product in the company's history.” — Chuck Robbins, CEO Cisco Systems Overall product of the year 2017 and 2018 CRN Winner
- 3. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Cisco Catalyst 9000 switches with open Cisco IOS XE Day 0 Day 1 Day 2 Day N Device onboarding Provisioning automation • Pre-boot execution environment • Zero-Touch Provisioning (ZTP) • Plug and play Device configuratio n Model-driven programmability • Network configuration protocols • YANG data models Device monitoring Model-driven TelemetryTelemetry Device optimization Software image management • Guest shell (On-box Python) • Application hosting Intent Context Intent-based Network Infrastructure
- 4. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Continue your intent-based networking journey with application hosting Reduce TCO and minimize OpEx Choose Cisco DNA Advantage license
- 5. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Application hosting value proposition With Cisco Catalyst 9000 switches and Cisco DNA Center Key business outcomes Concerns Solution Network monitoring and troubleshooting • Difficult to pinpoint issues across multiple network domains • Time-consuming when using traditional methods • Quickly ascertain source of bottleneck • Identify patterns and trends • Draw performance baselines Security • Network behavioral deviations • Phishing/snooping • Insider threats • IoT vulnerabilities • Detection of intrusion and deception techniques • Incident response and forensics all in one place App lifecycle management orchestrated by Cisco DNA Center Flexible runtime environment with native Docker engine Build your own apps or bring your own apps
- 6. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential SECURITY Memory and CPU usage for Apps are bounded using cgroups. DEFINITE AMPLIFIED FOCUS ON SECURITY Disk usage is isolated using separate storage – SSD or SATA. ISOLATION Encryption via AES-256 HW encryption of the internal SATA SSD. AES-256 Complete bash is not opened up as it might end up as a huge security threat. Safe kernel space. CONTROLLED Master password - Factory installed on all USB3.0 drives. Can unlock the device if the User password is lost. MASTER PASSWORD RESTRICTED Process and file access are restricted using user namespace. USB password can be configured on the switch. HOST AUTH Host authenticated USB password encrypted internally using type 6 encryption with global master key. TYPE-6 ENCRYPTION
- 7. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Catalyst 9000 switch storage and compute Resource type Catalyst 9200 Catalyst 9300 Catalyst 9400 Catalyst 9500* Catalyst 9500 High Perf* Catalyst 9600* Networking Front panel ports (1G) No Yes Yes* No No No Resources Memory No 2GB up to 8GB up to 8GB up to 8GB up to 8GB CPU No 1 core (25%) 1 core (25%) 1 core (25%) 1 core (25%) 1 core (25%) Storage No 120GB (USB3.0/SSD) 240-960GB (SATA) 120GB (USB3.0/SSD) 240-960GB (SATA) 240-960GB (SATA) Catalyst 9300/9500 USB 3.0 120GB Back panel Catalyst 9400 M2 SATA 240/480/960GB Plug into removable SUP Catalyst 9500 high-performance M2 SATA 240/480/960GB Back panel For local storage and app hosting production • 3rd party USB drives in front panel are not supported • Applications can be hosted via CLI too * Roadmap
- 8. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Cisco Catalyst 9000 switching application ecosystem • Cisco will not provide any support to third-party apps and open source apps unless specifically called out. • Such apps, however, will be validated for compatibility on Cisco® Catalyst® 9000 switches. • DevNet ecosystem will indicate the partners who have worked on Cisco Catalyst 9000 switches. ISC DHCP Server tshark Application hosting personas IT Manager Select apps DevNet ecosystem Software Developer Develop apps Docker toolchain Operations Engineer Deploy apps Cisco DNA Center iperf
- 9. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Cisco Catalyst 9000 platform support Cisco Catalyst 9000 switch platform Cisco Catalyst 9400 Series Cisco Catalyst 9300 Series Backbone switching Cisco® Catalyst® 9200 Series Un- supported Cisco Catalyst 9500 Series Cisco Catalyst 9600 Series Roadmap Roadmap Q4FY19 Roadmap Access switching Cisco Catalyst 3650/3850 Cisco Catalyst 4500E Series Cisco Catalyst 3850F/4500-X Cisco Catalyst 6840-X/6880-X Cisco Catalyst 2960-X/XR Cisco Catalyst 6807-XL/6500-E
- 10. Competitive edge Feature Cisco IOS XE Arista EOS ArubaOS Aruba OS-CX Juniper Junos Huawei VRP Application hosting capability Natively supported via the EOS Linux bash SLAX or JET SDK are available for app hosting, development or/and running Orchestration CLI, Cisco DNA Center Open – Do at your own risk CLI CLI On box python Built-in Built-in Built-in Built-in Native docker support Supported platforms Catalyst 9000 switches All platforms 3810X, 29XX 8320, 8400 EX43XX, 34XX, 23XX S5720HI, S5720SI Not present Basic AdvancedPartial
- 11. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Get hands on and explore more about Application Hosting on DevNet https://developer.cisco.com/app-hosting/ For any feedback, suggestions or queries, write to App Hosting team c9k-apphosting-core@cisco.com https://switching.cisco.com/switching-products-solutions/solutions/app-hosting-cat9k Application Hosting resources
- 12. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Code For Catalyst Challenge 2019 Build for Catalyst 9300 platform to win the challenge! https://developer.cisco.com/app-hosting/challenge/
- 13. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Catalyst 9000 switch storage and compute Resource type Catalyst 9200 Catalyst 9300 Catalyst 9400 Catalyst 9500* Catalyst 9500 High Perf* Catalyst 9600* Networking Front panel ports (1G) No Yes Yes* No No No Resources Memory No 2GB up to 8GB up to 8GB up to 8GB up to 8GB CPU No 1 core (25%) 1 core (25%) 1 core (25%) 1 core (25%) 1 core (25%) Storage No 120GB (USB3.0/SSD) 240-960GB (SATA) 120GB (USB3.0/SSD) 240-960GB (SATA) 240-960GB (SATA) Catalyst 9300/9500 USB 3.0 120GB Back panel Catalyst 9400 M2 SATA 240/480/960GB Plug into removable SUP Catalyst 9500 high-performance M2 SATA 240/480/960GB Back panel For local storage and app hosting production • 3rd party USB drives in front panel are not supported • Applications can be hosted via CLI too * Roadmap
- 14. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Trunk 10, 20 Eth0 Layer 2 Connectivity to App Hosting Environment AppGigEthernet 1/0/1 DockerTM Eth1 AppGigEthernet Port
- 15. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Workflow-1 Dockerfile1 docker build -t <app> . Build Docker Image 2 Deploy App3 App Descriptor (Optional) docker save myapp > myapp.tar DockerTM Application File FROM ubuntu:18.04 as base RUN apt-get update -yq && apt-get install -yq python COPY poll-temperature.py /usr/bin/poll-temperature.py RUN chmod 777 /usr/bin/poll-temperature.py CMD /usr/bin/poll-temperature.py #!/usr/bin/Python import time import os os.makedirs("/var/volatile/log") f = open('/var/log/poll-temp.log', 'w’) while (1): s = "%s %s polling temperature ...n" % (time.strftime("%d/%m/%Y"), time.strftime("%I:%M:%S")) f.write(s) f.flush() time.sleep(5)
- 16. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Workflow-2 Pull Docker Image1 Deploy App2 docker save myapp > myapp.tar docker pull <app> DockerTM
- 17. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Application Management CLI REST REST Custom App Docker Custom App Docker Host OS (IOS XE Kernel) Cisco Application Framework Cisco DNA-C CLI Cisco DNA Center 3rd Party App Docker 3rd Party App Docker 3rd Party App Docker
- 18. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential App Lifecycle Management – State Transitions stopdeactivateuninstall install activate start app-hosting install appid myapp package usbflash1:myapp.tar app-hosting activate appid myapp app-hosting start appid myapp app-hosting uninstall appid myapp app-hosting deactivate appid myapp app-hosting stop appid myapp
- 19. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco ConfidentialC97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Demo 1. Get App from Docker Hub 2. Save App as ”.tar” format 3. Install, Activate and Start 4. Validate the app
- 20. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco ConfidentialC97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Demo Managing application life cycle via Cisco DNA Center
- 21. C97-742348-00 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidentialhttps://developer.cisco.com/ Sandbox Eco System Exchange
- 22. Thank you for watching.
Editor's Notes
- Software for a new era in networking Cisco IOS XE 16 is an open and flexible operating system optimized for a new era of enterprise networks. Its standards-based programmable interfaces automate network operations and give you deep visibility into user, application, and device behaviors. As the single OS for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. You can qualify and deploy new services faster.
- Cisco IOS XE is a modern operating system that delivers industry leading innovations in programmability, streaming telemetry, application hosting, patching, and graceful insertion and removal (GIR).
- Align business and IT goals: Develop a strategy and roadmap to accelerate your Cisco DNA journey across your entire operation • Improve IT service delivery: Integrate across technology, operations and application domains • Unlock business insights: Enable heterogeneous network analytics and data • Enable continuous business/IT alignment: APIs support business and IT applications for an enhanced user experience • Optimize performance: Proactive assessments, and critical insights to streamline operations and inform the business with network analytics • Innovate with confidence: Centralized solution support to manage your case to resolution • Minimize disruption: Managed Services help secure IT management for business transformation to maximize network performance and uptime by delivering consistent always-on service availability. • Build in-house expertise: Virtual and hands-on technical training to equip IT staff with new skills and knowledge.
- Cisco IOS XE application hosting allows third-party off-the-shelf applications built using Linux tool chains to run on Catalyst 9000 switchingK platforms. Application are hosted in a Linux containers for maximum flexibility on distribution environments and isolation from the main operating system. Applications lifecycle, from initial deployment through ongoing change management and application retirement can be managed using Cisco Fog Director through a visual web environment or integrate with existing management systems through APIs. Background One of the most common tasks for the network administrators and operators is troubleshooting and verifying network performance. While the network may not always be the source of performance issues, its often the responsibility of the network IT to be able to rule out the network being source of issues. There are several tools and solutions that can help provide visibility into network performance. Some use out of band mechanisms like SNMP or NetFlow to collect interface counters/errors, and measure latency and round-trip times. Others use agent-based solutions that are able to determine traffic characteristics at an application level. Examples include AppNeta and AppDynamics, which provide detailed application performance profile analytics could potentially also be enhanced to provide a network agent and enhance the application context with network performance data. There are also open source utilities such as iPerf, perfSonar and commercial utilities like Selenium that can help simulate application traffic and provide an application-centric network performance view. The value in running these utilities on the network infrastructure is that it can help the network operators quickly ascertain whether it is an application level issue versus a more generic network level issue. In addition, they can help pinpoint the source of the bottleneck to a source outside the enterprise network or within the enterprise network, narrow it down to the particular network link or device. Customers often run a parallel network infrastructure to run these utilities. This introduces complexity in their environment, since such a parallel infrastructure requires independent devices like laptops, raspberry-pi’s, etc. as well as an independent IP-addressing and power infrastructure, cabling and management, and configuration of traffic redirection/copy/forwarding as needed. Converging such agents and utilities on the network infrastructure provides benefits such as: Enabling the benefits of network and application performance monitoring in a single view, to be able to quickly point-point source of performance issues Not requiring dedicated parallel infrastructure such as laptop, cables, power, IP-address management Not having to manually configure SPAN sessions and instead being able to graphically select the traffic of interest in an intuitive manner Automatically trigger the performance monitoring sessions as required across the network at scale Packet capture: Every network administrator relies on packet capture for monitoring and troubleshooting the network. Traditionally, operators have relied on span to troubleshoot end-user connectivity problems. This is often time consuming, slow and complicated to have physical access to the network device, have another laptop to run the packet capture, cable it and configure the appropriate SPAN session to view the traffic of interest. Often, network administrators are remote and getting physical access to the network infrastructure is a time-consuming process. Running packet capture/analyzer tools such as Wireshark on the network device that is managed through Cisco DNA Center can significantly simplify operations for network engineers by: Enabling them to trigger packet captures remotely Not necessitate dedicated laptop, cables Not having to manually configure SPAN sessions and instead being able to graphically select the traffic of interest in an intuitive manner Automatically capture the PCAP files to the desired location Visualize the packet capture in single user-interface as the rest of the operations command center Integrate lifecycle management of the packet capture tool into a single consolidated man Automation and telemetry agents: Customers often want consistent management tools in their operations toolchain. Operations from an infrastructure perspective going forward has to aspects: Automation Telemetry In areas of both automation as well as telemetry, there are agent-based approaches that would benefit from the application hosting capability on the network infrastructure. Hosting these agents on the network infrastructure allows the customer to simplify their deployment by reducing the need to install dedicated agent nodes and having a common solution to automation or telemetry & analytics that can work consistently on the network and beyond. Example of automation agents are Chef and Puppet, or even on-box python can be used for local event management and automation. Examples of telemetry agents include Kibana and Splunk. Zeek: A common use case for Zeek (formerly known as Bro) is the identification of network behavioral deviations. A few examples include an internal host that suddenly begins communicating with a machine for the first time ever, communicating with more hosts than normal, or using a protocol that is different or unusual. Zeek maintains a record of network transactions, a user can go back retroactively and look at how a series of events played out leading up to that notification. This forensic examination helps determine the behavior a machine was exhibiting before beaconing and understanding if other machines were touched or infected in the process. Nozomi: establish a baseline of what a normal pattern looks like – what number of connections or hosts an endpoint communicates with, the protocols it uses, and the amount of data it typically sends or receives. Scenarios: Internal host that suddenly begins communicating with a machine for the first time ever, communicating with more hosts than normal, or using a protocol that is different or unusual.
- Access section Core section Sneak peak 9600
- INSTALL/DEPLOYED: Application is installed on the device. Resources needed by the application is not committed to the application. ACTIVATED: The resources required by the application is now committed. Associated container artifacts are also generated. START/RUNNING: Application is now running STOPPED : Application is stopped.