Devnet-1695 (2018)

Uploaded by

Paul Zeto

DEVNET-1695

Application Hosting in IOS-XE

Bryan Byrne, CCIE 25607 (R/S)


Technical Solutions Architect – Enterprise Networks
@bryan25607
Cisco Spark
Questions?
Use Cisco Spark to communicate
with the speaker after the session

How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#DEVNET-1695

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda

• Introduction
• Enabling Guest Shell
• Accessing Guest Shell
• Installing and Running Applications
• Wrap Up
How Did I Get Here?
It Started with a Simple Question:

“Any interest in talking about application hosting on IOS-XE at Cisco Live?”

Why would I run apps in the network?
Current Application Challenges
• Not enough network bandwidth: Data Reduction
• Most of the data is not interesting: Filtering
• The use of data may be at the edge: Latency Optimization
• Computation can be optimized for some purposes: Partitioning
• Data normalization: Application Simplification
• Data redirection based on the content of the data: Dynamic Changes
• Data time stamping, algorithmic ownership: Analytic Support

Empowering the Edge – Leverage the Network!
• Existing hardware footprint
• No need for separate compute machinery
• Integrated security
• Reduced latency & bandwidth cost
[Diagram labels: Business Applications, Management Systems, Analytic Applications, IoT, Billing]

Network Application Hosting Spectrum

Script Hosting:
• Python
• Access platform details
• Integrate with events
Utility Hosting:
• Linux utilities
• RPMs
Containers:
• Application Code + Dependencies
• LXC and Docker support
Small VM:
• Complete control
• Limited resource needs
• Linux KVM
Full Compute:
• Significant resource needs
• Bare-metal or Hypervisor

Network Application Hosting Spectrum
[Same spectrum slide with Cisco offerings overlaid, left to right: Guest Shell, Cisco IOx, UCS Express]

What is Cisco IOx?

• Host applications and services at the network edge across different hardware platforms
• A compute platform, application framework, and software development kit
• Manage life cycle aspects of applications
[Diagram: Cisco IOx = Application + Linux + Cisco IOS]

What is Cisco UCS Express?

• Cisco UCS Blade server installed and running in router/switch
• Bare-metal or hypervisor operating systems supported
• Independent server management (from network)

What is Guest Shell and Why do I care?
What is the Guest Shell?

• 64-bit Linux environment running on IOS XE and NX-OS platforms
• Install, update, and operate 3rd party Linux apps (e.g. Puppet, Chef, Splunk)
• Bundled with Python
• Intended for agent or script hosting
[Diagram, top to bottom: Linux applications, Guest Shell, Open Application Container API, Network OS]

What is the Guest Shell?
• Maintain host system integrity
• Isolated user space
• Fault isolation
• Resource isolation
• Access to bootflash
• On-box rapid prototyping
• Integrate into existing Linux workflows
[Diagram, top to bottom: Linux applications, Guest Shell, Open Application Container API, Network OS]

Cisco Guest Shell Capabilities
Capability                Guest Shell 1.0 (Lite)   Guest Shell 1.0       Guest Shell 2.1
Operating System          IOS-XE 16.5.1a           IOS-XE 16.5           NX-OS 7.x
Platforms                 CAT 3650, CAT3850        CAT 9000, ISR 4000    Nexus 3000, 9000
Guest Shell Environment   MontaVista CGE7          CentOS 7              CentOS 7
Python 2.7                ✓                        ✓                     ✓
Python 3.0                ✗                        ✓                     ✓
Python GNU C Compiler     ✗                        ✗                     ✓
RPM Install               ✗                        ✓                     ✓
OVA Enable/Upgrade        ✗                        ✗                     ✓
User Defined Resources    ✗                        ✗                     ✓

ISR 4000 Guest Shell Support

Platform   Default / Max DRAM   Guest Shell Support
ISR 4221   4 GB                 ✗
ISR 4321   4 GB / 8 GB          ✓
ISR 4331   4 GB / 16 GB         ✓
ISR 4351   4 GB / 16 GB         ✓
ISR 4431   4 GB / 16 GB         ✓
ISR 4451   4 GB / 16 GB         ✓

Memory Requirements: Guest Shell requires 8GB of DRAM

Other Limitations: KVM and Guest Shell containers cannot co-exist

Enabling the Guest Shell
Enabling Guest Shell
Task Overview
• Enable IOX on the device
  • IOX is the manager that handles guest shell and other 3rd party applications in IOS-XE
• Configure the Virtual Port Group and NAT Statements
  • The Virtual Port Group is the interface the device uses to communicate with guest shell
  • The device provides access to off-box resources through a NAT
• Enable and log into the guest shell

Step 1: Enabling IOX
• IOx is the manager handling application hosting in IOS-XE
• Guest Shell is just one use of IOx
• Notes:
  • The IOx service can take up to 3 minutes to start
  • The IOx service (HA) may not run

DEVNET-1695#conf t
DEVNET-1695(config)#iox
DEVNET-1695(config)#exit

DEVNET-1695#show iox-service

Machine types supported   : LXC
Machine types disabled    : KVM

IOx Infrastructure Summary:
---------------------------
IOx service (CAF)    : Running
IOx service (HA)     : Not Running
IOx service (IOxman) : Running
Libvirtd             : Running

DEVNET-1695#

Step 2: Create the Virtual Port Group
• Configuration only valid on routing platforms
• Used to provide network connectivity to the Guest Shell
• On switching platforms Guest Shell connectivity is bridged from the Mgmt port

conf t
interface VirtualPortGroup 0
 ip add 192.168.35.1 255.255.255.0
 no shut
 exit

Step 3: Create NAT Entry
• Configuration only valid on routing platforms
• Used to NAT traffic from Guest Shell off box
  • Example: to access Internet resources (ex.: code repository)
• Inbound access to the Guest Shell requires additional NAT configuration
• Alternative to using NAT is to advertise the Virtual-Port Group into the routing domain

conf t
interface VirtualPortGroup0
 ip nat inside
! Interface connected to local network
interface GigabitEthernet1
 ip nat outside
ip access-list standard NAT_ACL
 permit 192.168.0.0 0.0.255.255
ip nat inside source list NAT_ACL interface GigabitEthernet1 overload

Step 4a: Enable the Guest Shell
• Virtual-Port Group and IP address only needed on routing platforms
• Guest Shell session management
  • guestshell disable
    • Removes access and kills the current session
    • Files and data are preserved
  • guestshell destroy
    • Deletes the guestshell file system
    • All data is lost
• Additional command argument for adding name server to the Guest Shell
  • Does not address environments with proxy-servers

! Entered from Enable Mode
! Command is entered on a single line
guestshell enable VirtualPortGroup 0 guest-ip 192.168.35.2

show app-hosting list
App id                           State
------------------------------------------------------
guestshell                       RUNNING

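A check over the addressing and NAT scope set up in Steps 1 to 4a, as an added example that is not part of the original slides: it parses a saved configuration and reports a guest-ip outside the VirtualPortGroup subnet or a standard ACL that permits more than that subnet, so the operator can confirm the wider NAT scope is intended. The sample configuration is constructed from the slide commands in running-config form, the function names are hypothetical, and it assumes contiguous wildcard masks and that the standard ACL is the one referenced by the NAT rule.

```python
import ipaddress

# Constructed sample: the Step 1-3 commands as they would appear in a saved config.
SAMPLE_CONFIG = """\
iox
interface VirtualPortGroup0
 ip address 192.168.35.1 255.255.255.0
 ip nat inside
interface GigabitEthernet1
 ip nat outside
ip access-list standard NAT_ACL
 permit 192.168.0.0 0.0.255.255
ip nat inside source list NAT_ACL interface GigabitEthernet1 overload
"""
GUEST_IP = "192.168.35.2"  # guest-ip value from Step 4a


def wildcard_net(addr, wildcard):
    """Convert an ACL address plus wildcard mask into an IPv4Network."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def audit_guestshell_net(config, guest_ip):
    """Return findings about Guest Shell addressing and NAT scope (hypothetical helper)."""
    findings, section, vpg, permits = [], "", None, []
    lines = config.splitlines()
    if "iox" not in (line.strip() for line in lines):
        findings.append("iox is not enabled")
    for line in lines:
        words = line.split()
        if not line.startswith(" "):
            section = line.strip()  # a top-level command opens a new section
        elif section.startswith("interface VirtualPortGroup") and words[:2] == ["ip", "address"]:
            vpg = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif section.startswith("ip access-list standard") and len(words) == 3 and words[0] == "permit":
            permits.append(wildcard_net(words[1], words[2]))
    if vpg is None:
        findings.append("VirtualPortGroup has no IP address")
    elif ipaddress.ip_address(guest_ip) not in vpg:
        findings.append(f"guest-ip {guest_ip} is outside {vpg}")
    for net in permits:
        if vpg is not None and net != vpg and vpg.subnet_of(net):
            findings.append(f"NAT ACL permits {net}, wider than Guest Shell subnet {vpg}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_guestshell_net(SAMPLE_CONFIG, GUEST_IP)))
```
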
Accessing the Guest Shell Environment
Running Linux Commands Directly from IOS CLI
• Linux commands are run by issuing ‘guestshell run’ before shell command
• Valid for any binary under /bin and /sbin

DEVNET-1695#guestshell run pwd
/home/guestshell

DEVNET-1695#guestshell run sudo ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.35.2 netmask 255.255.255.0 broadcast 192.168.35.255
        inet6 fe80::5054:ddff:fee9:598e prefixlen 64 scopeid 0x20<link>
        ether 52:54:dd:e9:59:8e txqueuelen 1000 (Ethernet)
        RX packets 8 bytes 648 (648.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8 bytes 648 (648.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Direct Access to the Guest Shell
• Log into the Guest Shell by running ‘guestshell run bash’
• Environment variables can be customized by editing .bashrc or .bash_profile

DEVNET-1695#guestshell run bash
[guestshell@guestshell ~]$ pwd
/home/guestshell

DEVNET-1695#vi .bashrc

if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
echo "Welcome to DEVNET-1695"

DEVNET-1695#guestshell run bash

Welcome to DEVNET-1695

Setting Up Name Resolution
• DNS can be pushed into the Guest Shell as part of the ‘guestshell enable’ command.
• Does not add the DNS server to
• Note: Guestshell in NX-OS must explicitly configure within /etc/resolv.conf
• If the network requires proxy it must be manually configured in the /etc/resolv.conf file

[guestshell@guestshell ~]$ cat /etc/resolv.conf
nameserver 208.67.222.222

[guestshell@guestshell ~]$ ping pool.ntp.org
PING pool.ntp.org (104.131.139.195) 56(84) bytes of data.
64 bytes from acheron.bitsrc.net (104.131.139.195): icmp_seq=1 ttl=62 time=111 ms

Accessing the CLI from the Guest Shell
• ‘dohost’ command built into Guest Shell
  • Send commands directly to the router
  • Limited to exec privilege commands. No access to config mode.

[guestshell@guestshell ~]$ dohost 'show ip int bri'

Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1       10.0.2.15       YES DHCP   up                    up
GigabitEthernet2       unassigned      YES unset  administratively down down
GigabitEthernet3       unassigned      YES unset  administratively down down
VirtualPortGroup0      192.168.35.1    YES manual up                    up

[guestshell@guestshell ~]$ dohost 'show log | inc DHCP'

*Jul 27 18:51:09.796: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet1 assigned DHCP address 10.0.2.15, mask 255.255.255.0, hostname iosxe1

Install and Run Applications
Installing Applications within Guest Shell
• YUM
  • Package manager for Linux systems.
  • Install, update and remove applications
  • ’repos’ or file repositories
• Git
  • Installed via yum
  • Access code from GitHub and other repositories
  • Useful for distribution of custom applications.

[guestshell@guestshell ~]$ sudo yum install git
Loaded plugins: fastestmirror
=====================================================================================================================
Package          Arch          Version                    Repository          Size
=====================================================================================================================
Installing:
git              x86_64        1.8.3.1-6.el7_2.1          base                4.4 M

Installed:
git.x86_64 0:1.8.3.1-6.el7_2.1

Complete!
[guestshell@guestshell ~]$ git --version
git version 1.8.3.1
Output edited for brevity and clarity

Install and Run Applications
Application Examples
• MTR – Combines ping and traceroute. Tracks response time and reachability over time.
• tcpdump – well known Linux packet analyzer
• Custom Python Applications
• Launch custom apps from IOS-XE based Embedded Event Manager applets

MTR
Application Examples
• Combines the function of traceroute and ping into a single tool.
• Probes routers over time and tracks response times.

tcpdump
Application Examples
• IOS-XE has a built-in packet capture, but depending on the size of the capture, finding data can be difficult
• tcpdump is a well known Linux tool that can view the exported packet capture
csr1kv#guestshell run sudo tcpdump -qns 0 -X -r flash:BUFF.pcap
The run command has been modified to: sudo tcpdump -qns 0 -X -r /flash/BUFF.pcap
reading from file /flash/BUFF.pcap, link-type EN10MB (Ethernet)
13:55:27.533968 IP 10.0.2.15.ssh > 10.0.2.2.56095: tcp 96
0x0000: 45c0 0088 b82e 0000 ff06 ea70 0a00 020f E..........p....
0x0010: 0a00 0202 0016 db1f 8a2a a4c3 0e72 f907 .........*...r..
0x0020: 5018 0f20 976c 0000 dcea ead2 ab06 36fa P....l........6.
0x0030: 8dd4 f5a4 f0ed aa16 9bb3 43e8 5961 bab8 ..........C.Ya..
0x0040: a220 269a a6b5 0072 edd3 f22e 291f be27 ..&....r....)..'
0x0050: 8318 6847 9429 7a5a 4aa3 b4c3 c643 2d63 ..hG.)zZJ....C-c
0x0060: 5f99 085a 846c 804d 4610 fe84 02e2 c5d1 _..Z.l.MF.......
0x0070: 1cbe e42f 1a36 4472 1fe6 6b61 c19d b2d8 .../.6Dr..ka....
0x0080: 4ed2 bbf3 3460 e6af N...4`..

Extending Application Support Through Python
Application Examples

• Python is the de facto automation language of the day.
• Customers are already familiar with Linux and Python
• Helps overcome operational shortcomings of CLI
• Access Cisco’s python API in IOS

http://www.python.org/

Using Python with IOS-XE Devices
Application Examples

IOS-XE “On-Box” Python
• scripts executed locally on switch or router
• Ideal for:
  • provisioning automation (ZTP)
  • automating Embedded Event Manager responses
  • application development
  • IOT

IOS-XE “Off-Box” Python
• scripts executed externally from switch or router
• Ideal for:
  • configuration management automation
  • telemetry / operational data
  • controller use cases including APIC-EM / Cisco Network PNP

[Diagram labels: on-box shows Python and IOS inside the IOS-XE Device; off-box shows an External Python Execution Environment connected to the IOS-XE Device over SSH/NETCONF]

Using Python with IOS-XE
Use Case Example – “Are you sure nothing has changed on the network?”
• By leveraging a combination of EEM and On-Box Python the router can notify when the configuration has been modified.
• Python script posts

Check out the details here - http://cs.co/DEVNET-1695-Spark-Example

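One way to build the change report for the use case above, as an added example that is not the talk's code or the linked Spark example: it diffs a baseline configuration against the current one, ignores lines that change on every save, and redacts secrets before the result leaves the device. Both configurations are constructed samples and the function names are hypothetical; fetching the running configuration and posting the message are left out.

```python
import difflib
import re

# Lines that differ between any two saves and would trigger false alerts.
VOLATILE = re.compile(r"^(Building configuration|Current configuration"
                      r"|! Last configuration change|! NVRAM config last updated)")
# Keyword + optional type digit + secret value; only the keyword is kept.
SECRET = re.compile(r"\b(secret|password|community|key-string)(?: \d+)? \S+")

# Constructed samples: a stored baseline and the configuration after a change.
BASELINE = """\
! Last configuration change at 18:51:09 UTC Fri Jul 27 2018
hostname DEVNET-1695
username admin privilege 15 secret 5 $1$constructed$AAAA
interface GigabitEthernet1
 ip nat outside
"""
CURRENT = """\
! Last configuration change at 19:02:44 UTC Fri Jul 27 2018
hostname DEVNET-1695
username admin privilege 15 secret 5 $1$constructed$BBBB
username temp privilege 15 password 0 constructed-value
interface GigabitEthernet1
 ip nat outside
"""


def stable_lines(config):
    """Drop blank and volatile lines so only real changes are compared."""
    lines = (line.rstrip() for line in config.splitlines())
    return [line for line in lines if line and not VOLATILE.match(line)]


def config_changes(baseline, current):
    """Return '+'/'-' diff lines; secrets are compared raw, then redacted."""
    diff = list(difflib.unified_diff(stable_lines(baseline), stable_lines(current),
                                     lineterm="", n=0))
    # diff[0:2] are the '---'/'+++' file headers; '@@' hunk markers are skipped.
    return [SECRET.sub(r"\1 <redacted>", d) for d in diff[2:] if d[0] in "+-"]


if __name__ == "__main__":
    print("\n".join(config_changes(BASELINE, CURRENT)) or "no change")
```

Because the comparison runs on the raw lines and redaction happens afterwards, a changed secret still shows up as a removed and an added line without its value appearing in the report.
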
Thank you
