Devnet 2557


Application Hosting in IOS-XE

Bryan Byrne, Technical Solutions Architect


DEVNET-2557
Agenda

• Introduction
• Enabling Guest Shell
• Working with Guest Shell
• Linux Shell Tools
• On-box Python
• Conclusion
Current Application Challenges
• Not enough network bandwidth: Data Reduction
• Most of the data is not interesting: Filtering
• The use of data may be at the edge: Latency Optimisation
• Computation can be optimised for some purposes: Partitioning
• Data normalisation: Application Simplification
• Data redirection based on the content of the data: Dynamic Changes
• Data time stamping, algorithmic ownership: Analytic Support

DEVNET-2557 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Network Application Hosting Spectrum

Script Hosting
• Python
• Access platform details
• Integrate with events

Utility Hosting
• Linux utilities
• RPMs

Containers
• Application Code + Dependencies
• LXC and Docker support

Small VM
• Complete control
• Limited resource needs
• Linux KVM

Full Compute
• Significant resource needs
• Bare-metal or Hypervisor

Cisco offerings placed along the spectrum, left to right: Guest Shell, Cisco IOx, UCS Express

What is Cisco IOx?
• Host applications and services at the network edge across different hardware platforms
• A compute platform, Linux application framework, and software development kit
• Manage life cycle aspects of applications

(Diagram labels: Cisco IOx, Application, Cisco IOS)

What is the Guest Shell?
• 64-bit Linux environment running on IOS XE and NX-OS platforms
• Install, update, and operate 3rd party Linux apps (e.g. Puppet, Chef, Splunk)
• Bundled with Python
• Intended for agent or script hosting

(Diagram labels: Linux applications, Guest Shell, Open Application Container, API, Network OS)

Cisco Guest Shell Capabilities

                          Guest Shell 1.0 (Lite)   Guest Shell 1.0        Guest Shell 2.1
Operating System          IOS-XE 16.5.1a           IOS-XE 16.5            NX-OS 7.x
Platforms                 CAT 3650, CAT3850        CAT 9000, ISR 4000     Nexus 3000, 9000
Guest Shell Environment   MontaVista CGE7          CentOS 7               CentOS 7
Python 2.7                ✓                        ✓                      ✓
Python 3.0                ✗                        ✓                      ✓
Python GNU C Compiler     ✗                        ✗                      ✓
RPM Install               ✗                        ✓                      ✓
OVA Enable/Upgrade        ✗                        ✗                      ✓
User Defined Resources    ✗                        ✗                      ✓

Enabling the Guest Shell
Task Overview for Enabling the Guest Shell
• Enable IOX
• Configure the VirtualPortGroup to provide IP connectivity to Guest Shell
• Create NAT rules to allow outbound access for Guest Shell
• Enable the Guest Shell

Task 1: Enable IOX
• The command ‘iox’ enables the IOX process running in IOS-XE

csr1kv#conf t
Enter configuration commands, one per line. End with CNTL/Z.
csr1kv(config)#iox
csr1kv(config)#end

Task 2: Validate the IOX Status
• This command provides the status of the IOX service.
• Guestshell runs in a Linux Container (LXC) and cannot co-exist with a KVM container.

csr1kv#show iox-service
Infrastructure version : 1.7
Total virtual services installed : 1
Total virtual services activated : 0

Machine types supported : LXC
Machine types disabled : KVM

IOx Infrastructure Summary:
---------------------------
IOx service (CAF) : Running
IOx service (HA) : Not Running
IOx service (IOxman) : Running
Libvirtd : Running

Task 3: Configure VirtualPortGroup
• The VirtualPortGroup acts as the default gateway for the guestshell.
• The VirtualPortGroup interface must have a static IP address.

conf t
interface VirtualPortGroup 0
 ip address 192.168.35.1 255.255.255.0
 no mop enabled
 no mop sysid
 exit
end

Task 4: Configure NAT for Out
• Configuration only valid on routing platforms
• Used to NAT traffic from Guest Shell off box
  • Example: to access Internet resources (ex.: code repository)
• Inbound access to the Guest Shell requires additional NAT configuration
• Alternative to using NAT is to advertise the Virtual-Port Group into the routing domain

! Wildcard 0.255.255.255 matches all of 192.0.0.0/8, not only the
! Guest Shell subnet 192.168.35.0/24
ip access-list standard NAT_ACL
 permit 192.0.0.0 0.255.255.255
!
interface GigabitEthernet1
 ip nat outside
!
interface VirtualPortGroup0
 ip nat inside
!
ip nat inside source list NAT_ACL interface GigabitEthernet1 overload

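An added example (not part of the original slides) that audits the scope of the Task 4 NAT ACL against the Guest Shell subnet from Task 3. The function names and the finding format are assumptions made for illustration; the ACL text and subnet are constructed from the values shown on the slides.

```python
import ipaddress
import re

# Constructed input: the NAT ACL from Task 4 and the subnet configured on
# VirtualPortGroup0 in Task 3 (192.168.35.1 255.255.255.0).
ACL_TEXT = """\
ip access-list standard NAT_ACL
 permit 192.0.0.0 0.255.255.255
"""
GUEST_SUBNET = ipaddress.ip_network("192.168.35.0/24")

PERMIT_RE = re.compile(
    r"^\s*permit\s+(\d+\.\d+\.\d+\.\d+)(?:\s+(\d+\.\d+\.\d+\.\d+))?\s*$")


def wildcard_to_network(addr, wildcard="0.0.0.0"):
    """Convert an IOS address/wildcard pair to an ip_network.
    Only contiguous wildcards are supported; others raise ValueError."""
    netmask = int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF
    prefix = bin(netmask).count("1")
    # A contiguous netmask has all of its 1-bits at the top.
    if netmask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous wildcard: " + wildcard)
    return ipaddress.ip_network("{}/{}".format(addr, prefix), strict=False)


def audit_nat_acl(acl_text, guest_subnet):
    """Return one finding per permit entry: the network it matches, whether
    it covers the guest subnet, and how many other addresses it also matches."""
    findings = []
    for line in acl_text.splitlines():
        m = PERMIT_RE.match(line)
        if not m:
            continue
        net = wildcard_to_network(m.group(1), m.group(2) or "0.0.0.0")
        covers = guest_subnet.subnet_of(net)
        excess = net.num_addresses - (guest_subnet.num_addresses if covers else 0)
        findings.append({"network": str(net), "covers_guest": covers,
                         "excess_addresses": excess})
    return findings


if __name__ == "__main__":
    for finding in audit_nat_acl(ACL_TEXT, GUEST_SUBNET):
        print(finding)
```

For the ACL as shown, the single entry covers the Guest Shell subnet but also translates every other source in 192.0.0.0/8 arriving on an inside interface.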
Step 5: Enable the Guest Shell
• Virtual-Port Group and IP address only needed on routing platforms
• Guest Shell session management
  • guestshell disable
    • Removes access and kills the current session
    • Files and data are preserved
  • guestshell destroy
    • Deletes the guestshell file system
    • All data is lost
• Additional command argument for adding name server to the Guest Shell
  • Does not address environments with proxy-servers

! Entered from Enable Mode
! Command is entered on a single line
guestshell enable VirtualPortGroup 0 guest-ip 192.168.35.2

show app-hosting list
App id                                   State
------------------------------------------------------
guestshell                               RUNNING

Working with the Guest Shell
Task 6: Running Linux Commands Directly from IOS CLI
• Linux commands are run by issuing ‘guestshell run’ before shell command
• Valid for any binary under /bin and /sbin
• Log into the Guest Shell by running ‘guestshell run bash’

csr1kv#guestshell run pwd
/home/guestshell

csr1kv#guestshell run sudo ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.35.2  netmask 255.255.255.0  broadcast 192.168.35.255
        inet6 fe80::5054:ddff:fee9:598e  prefixlen 64  scopeid 0x20<link>
        ether 52:54:dd:e9:59:8e  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 648 (648.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

csr1kv#guestshell run bash
[guestshell@guestshell ~]$

Task 7: Accessing the CLI from the Guest Shell
• ‘dohost’ command built into Guest Shell
• Send commands directly to the router
• Limited to exec privilege commands. No access to config mode.

[guestshell@guestshell ~]$ dohost 'show ip int bri'

Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1       10.0.2.15       YES DHCP   up                    up
GigabitEthernet2       unassigned      YES unset  administratively down down
GigabitEthernet3       unassigned      YES unset  administratively down down
VirtualPortGroup0      192.168.35.1    YES manual up                    up

[guestshell@guestshell ~]$ dohost 'show log | inc DHCP'

*Jul 27 18:51:09.796: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet1 assigned DHCP address 10.0.2.15, mask 255.255.255.0, hostname iosxe1

Linux Shell Tools
Task 8: Installing Applications within Guest Shell
• YUM
  • Package manager for Linux systems.
  • Install, update and remove applications
  • ‘repos’ or file repositories

[guestshell@guestshell ~]$ sudo yum install mtr
Loaded plugins: fastestmirror
================================================================================
 Package       Arch          Version               Repository         Size
================================================================================
Installing:
 mtr           x86_64        2:0.85-7.el7          base               71 K

Installed:
  mtr-0.85-7.el7.x86_64

Complete

Output edited for brevity and clarity

Task 9: Using tcpdump to Analyze IOS Packet Capture
• In this example we will use tools in both IOS-XE and Guest Shell to troubleshoot a ‘problem’.
• As Guest Shell does not have access to the data plane, we will generate some traffic and capture it using the embedded packet capture.
• After stopping the capture we will use tcpdump from the Guest Shell to work with the data.

On-Box Python
Extending Application Support Through Python
• Python is the de facto automation language of the day.
• Customers are already familiar with Linux and Python
• Helps overcome operational shortcomings of CLI
• Access Cisco’s Python API in IOS

http://www.python.org/

Using Python with IOS-XE Devices

IOS-XE “On-Box” Python
• scripts executed locally on switch or router
• Ideal for:
  • provisioning automation (ZTP)
  • automating Embedded Event Manager responses
  • application development
  • IOT
(Diagram: Python running on the IOS-XE device alongside IOS)

IOS-XE “Off-Box” Python
• scripts executed externally from switch or router
• Ideal for:
  • configuration management automation
  • telemetry / operational data
  • controller use cases including APIC-EM / Cisco Network PNP
(Diagram: external Python execution environment reaching IOS on the IOS-XE device over SSH/NETCONF)

Task 10: Working with the Interactive Python Interpreter
• In this task we will use the interactive Python interpreter and Cisco’s cli Python module to make changes to our switch.
• Our workflow will be
  • Start the Python interpreter
  • Import the cli module
  • Craft (copy) our cli configuration
  • View the results with a show command

Task 11: Using Python with IOS-XE
Use Case Example – “Are you sure nothing has changed on the network?”
• By leveraging a combination of EEM and On-Box Python the router can notify
when the configuration has been modified.
• Python script posts

Check out the details here - http://cs.co/DEVNET-1695-Spark-Example
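An added example (not from the original slides or the linked Cisco sample) of the on-box half of Tasks 10 and 11: it reads the running configuration through Cisco's cli module and reports what changed since the last stored baseline. The EEM trigger and the notification step are assumed to exist outside the script; the function names, the baseline path and the sample configurations are constructed for illustration.

```python
import difflib
import os
import re
import tempfile

try:
    import cli  # Cisco's on-box module; importable only inside Guest Shell
except ImportError:
    cli = None  # off-box: __main__ falls back to the constructed sample

# Lines IOS-XE rewrites without an operator edit; ignoring them avoids false alerts.
VOLATILE = re.compile(r"^(Building configuration|Current configuration :|"
                      r"! Last configuration change|! NVRAM config last updated)")

# Constructed sample configurations (not from a real device).
SAMPLE_BEFORE = """Current configuration : 4012 bytes
! Last configuration change at 18:51:09 UTC Fri Jul 27 2018
hostname csr1kv
ip access-list standard NAT_ACL
 permit 192.0.0.0 0.255.255.255
"""
SAMPLE_AFTER = (SAMPLE_BEFORE.replace("4012", "4051").replace("18:51:09", "19:02:44")
                + "username tempadmin privilege 15 secret 9 <redacted>\n")

def normalise(text):
    """Strip volatile and blank lines so only real edits show up in the diff."""
    return [l.rstrip() for l in text.splitlines() if l.strip() and not VOLATILE.match(l)]

def config_changes(baseline_path, current_text):
    """Return added ('+') and removed ('-') lines since the stored baseline,
    then store current_text as the new baseline. The first run only records it."""
    new = normalise(current_text)
    old = None
    if os.path.exists(baseline_path):
        with open(baseline_path) as fh:
            old = normalise(fh.read())
    with open(baseline_path, "w") as fh:
        fh.write("\n".join(new) + "\n")
    if old is None:
        return []
    diff = list(difflib.unified_diff(old, new, lineterm="", n=0))[2:]  # skip ---/+++
    return [d for d in diff if not d.startswith("@@")]

if __name__ == "__main__":
    # Assumed baseline location; use a persistent path when running on-box.
    path = os.path.join(tempfile.gettempdir(), "running-config.baseline")
    text = cli.execute("show running-config") if cli else SAMPLE_AFTER
    for change in config_changes(path, text):
        print(change)
```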

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Lunch & Learn
• Meet the Engineer 1:1 meetings
• Related sessions
