An Introduction to Service Containers
Matt Bolick, Technical Marketing Engineer
September 11, 2013
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public

Traditional Network Services

[Diagram labels: Traditional Features; Cisco Network Operating System; Feature]

What's happening in the server world.

[Diagram labels: Physical Server; Physical Server or Cloud; Container; Feature or Application]

Future Service Delivery

Write once. Run anywhere.

[Diagram labels: External Server Blade; Service Container; Blade Hosting with Hypervisor; End-Point Hosting; Cisco Network Operating System; Container; Feature or Application]

What is a Service Container?

Service Containers use virtualization technology to provide a hosting environment on Cisco routers & switches for applications which may be developed and released independent of platform release cycles.

Use Cases for Service Containers

Virtualized environment on a Cisco device.

- Use Case, Cisco Virtual Services: Work/Appliance Consolidation. Example: ISR-WAAS on ISR4451-X
- Use Case, Cisco Agents: Integral Router Features with decoupled release cycles. Example: RESTful API in the CSR1000v
- Use Case, Signed Third Party Services: Container Hosted OnePK Applications

[Diagram labels: Service Containers; Network OS; Container; Virtual Service]

Where is this happening?

- Catalyst 4500 Sup 7E: Wireshark and future services
- ISR4451-X: WAAS and future services
- Cloud Services Router 1000v: REST API for automated deployment
- Nexus 3000, 5000, 6000 & 7000: 3rd Party Embedded Services

Evolving How We Interact With the Network Operating System

[Diagram: Traditional Approach versus New Paradigm. Labels: Anything you can think of; OnePK; CLI; IOS; SNMP; HTML; XML; Monitoring; Policy; App; AAA; CDP; Syslog; Netflow; Routing Protocols; Span; Interface; Discovery; Routing; Data Plane; Actions; Events; App; EEM (TCL); C; Java; Python]

Introducing One Platform Kit - onepk

Applications That YOU Create

onepk: flexible development environment to Innovate, Extend, Automate, Customize, Enhance, Modify

Any Cisco Router or Switch

Future Service Delivery

Write once. Run anywhere.

[Diagram labels: External Server Blade; Service Container; Blade Hosting; End-Point Hosting; Cisco Network Operating System; Container; Feature or Application; onepk Interface]

Example Architecture: ISR4451-X

[Diagram labels: IOSd Control Plane; ISR-WAAS; Future Cisco Embedded Network Services; Linux OS; Common API (onepk); Platform Specific Data Plane; AppNav; AVC; Other Data Plane Features; onepk; Internal Services Blade (UCS E-Series); External Services Blade (UCS)]

ISR 4451-X Block Diagram

[Diagram labels: Control Plane (1 core) & Services Plane (3 cores); Service Containers Live Here; Data Plane (10 cores); FPGE; Multi Gigabit Fabric; ISC; SM-X; SM-X; NIM]

Terminology

- Virtual-Service: This refers to the container service configuration object. It is sometimes also called the Virtual Machine (VM) or the container.
- Host: The IOS-XE, NXOS system software
- Guest: An instance of the foreign software being hosted. It is sometimes referred to as the application.
- OVA: Open Virtualization Archive. The software package provided by the application writer which contains the application and metafiles used to create the hosting environment.
- Distribution: The complete set of software provided by the application development team.
- KVM: Kernel Virtual Machine
- LxC: Linux Container

Service Container Technologies

KVM
Description: KVM is a virtual machine emulation of the underlying hardware. KVM runs as a Type 2 hypervisor on IOS-XE. IOS/VMAN provide VM management services.
Characteristics:
- Isolates Guest Operating System from Host OS
- Takes advantage of CPU hardware extensions found on server-class processors (e.g., Intel's VT-x technology)
- Provides the highest level of guest/host isolation.

LXC
Description: This is an operating system virtualization technology (not a hypervisor) that shares the host kernel with the guest but provides isolation through namespace extensions to the Linux kernel.
Characteristics:
- Native performance, no device emulation or CPU-specific requirements
- Support across processor architectures (MIPS, PPC, Intel)
- More easily allows sharing of host services/libraries into guest
- Host has direct visibility into resource usage and contention
- Guest applications run on the same OS kernel and thus there's less isolation and fault separation

[Diagram labels, two stacks, each next to "IOS & Host Service". First: Application; Guest Root File System; Guest OS Kernel; Host OS (Linux Root File System); Host OS (Linux Kernel); Hardware Resource. Second: Application; Guest Root File System; Host OS (Linux Root File System); Host OS (Linux Kernel); Hardware Resource]

Application Signing

Platforms with Service Containers
- Trust Level: defined per platform
- Some platforms might allow unsigned applications

Cisco Application Signature
- Applied to identify trusted applications
- Securely signed and identified Service Container OVA

Cisco and 3rd Party Applications
- Submitted to Cisco Developer Network for certification and signing

Trusted Application Signatures

Cisco Prime Infrastructure 2.0: Full Service Container Lifecycle Management

Automated Point-and-Click Life-Cycle Management for Service Containers

- Point-and-Click deployment of Service Containers
- Automated and scheduled provisioning
- Simplified Templates and Configuration Advice
- Full Life-Cycle Management
- Role-Based Access
- Support for a wide range of Service Container Types
- Automated management for Containers across the network

Virtual Service Deployment Workflow

Hosted Service Deployment Model

Install Service (package)
    router#virtual-service install name <app_name> package <file_uri>

Configure Service
    router#interface VirtualPortGroup1
     ip address 3.3.3.1 255.255.255.0
    router#virtual-service <app-name>
     interface virtualportgroup1
     ip address 3.3.3.2
     profile app-model-1

Start Service
    router#virtual-service <app-name> activate

Manage Service / Monitor Service
    router#show virtual-service connect
    router#show log
    router#copy core
    router#show virtual-service global
    router#show virtual-service list
    router#show virtual-service detail name <app-name>
    router#show virtual-service utilization name <app-name>

Upgrade Service (Host Initiated)
    router#virtual-service upgrade name <app_name> package <file_uri>

Un-Install Service
    router#virtual-service uninstall name <app_name>

Install Virtual Service Software Package

    router#virtual-service install name WAAS package harddisk:isr4451x-waas-5.2.0-b27.ova [media harddisk:]
    Package "harddisk:/isr4451x-waas-5.2.0-b27.ova" is currently being installed for virtual service WAAS". Once the install is finished, please activate the VM to run the VM.
    router#
    Feb 14 19:37:09.886: %VIRT_SERVICE-5-INSTALL_STATE: Successfully installed virtual service WAAS
    router#

The install command specifies the following:
- User-selected name of the virtual service
- Location of the OVA package file
- [optional] destination media

On ASR1K and ISR4451-X platforms we support installation to harddisk only.

Configure Virtual Service

    interface VirtualPortGroup1
     ip address 10.10.10.1 255.255.255.0
     load-interval 30
    !
    interface VirtualPortGroup2
     ip address 10.10.20.1 255.255.255.0

    virtual-service Container-2
     interface VirtualPortGroup1
     interface VirtualPortGroup2

[Diagram labels: Container-1; Container-2; Container-3; Container-4; guest addresses 10.10.10.2, 10.10.10.3, 10.10.20.2, 10.10.20.3, 10.10.20.4; br0 (subnet 10.10.10.x); br1 (subnet 10.10.20.x); interface VirtualPortGroup1 ip address 10.10.10.1; interface VirtualPortGroup2 ip address 10.10.20.1]

Configure Virtual Service (Profiles)

    router(config)#virtual-service WAAS
    router(config-virt-serv)#profile?
      ISR-WAAS-1300  ISR-WAAS profile for 1300 TCP connections
      ISR-WAAS-2500  ISR-WAAS profile for 2500 TCP connections
      ISR-WAAS-750   ISR WAAS profile for 750 TCP connections

Example: ISR-WAAS Profiles

    Profile Name    Description                         CPU   Memory   DRE Disk
    ISR-WAAS-750    WAAS Profile for 750 connections    25%   4G       150G
    ISR-WAAS-1300   WAAS Profile for 1300 connections   50%   6G       150G
    ISR-WAAS-2500   WAAS Profile for 2500 connections   75%   8G       350G

Activate Virtual Service

    router#show virtual-service list
    Virtual Service List:
    Name                    Status             Package Name
    -------------------------------------------------------------------
    WAAS                    Installed          ISR4451X-WAAS-5.2.0-b...

    router(config)#virtual-service waas
    router(config-virt-serv)#activate
    router(config-virt-serv)#end
    router#
    Feb 14 19:53:02.070: %VIRT_SERVICE-5-ACTIVATION_STATE: Successfully activated virtual service WAAS
    Feb 14 19:53:04.069: %LINK-3-UPDOWN: Interface VirtualPortGroup3, changed state to up
    Feb 14 19:53:05.070: %LINEPROTO-5-UPDOWN: Line protocol on Interface VirtualPortGroup3, changed state to up

    router#show virtual-service list
    Virtual Service List:
    Name                    Status             Package Name
    -------------------------------------------------------------------
    WAAS                    Activated          ISR4451X-WAAS-5.2.0-b...

Show Virtual Service: Global Information

    router#show virtual-service
    Virtual Service Global State and Virtualization Limits:
    Infrastructure version : 1.2
    Total virtual services installed : 3
    Total virtual services activated : 2
    Maximum memory for virtualization : 10240 MB
    Maximum HDD storage for virtualization : 381536 MB
    Maximum bootflash storage for virtualization : 7107 MB
    Maximum system CPU : 75%
    Maximum VCPUs per virtual service : 6
    Committed memory : 6144 MB
    Committed disk storage : 182939 MB
    Committed system CPU : 25%
    Available memory : 4096 MB
    Available disk storage : 202236 MB
    Available system CPU : 50%
    Machine types supported : KVM, LXC
    Machine types disabled : none

Show Virtual Service: Detail

Provides detailed view of Guest machine resources (verbose)

    router#show virtual-service detail name WAAS
    Virtual Service WAAS Detail:
      Package metadata:
        Package name            : ISR4451X-WAAS-5.2.0-b2.ova
        Application name        : ISR-WAAS
        Application version     : 1.0
        Application description : WAAS
        Certificate type        : N/A
        Signing method          : SHA512
        Licensing name          : ISR-WAAS
        Licensing version       : 1.0
        OVA path                : /vol/harddisk/isr4451x-waas-5.2.0-b2.ova
      State                     : Activated
      Detailed guest status     :
        Version: oe-vwaas-5.2.0.2
        The system has been up for 2 days, 23 hours, 35 minutes, 22 seconds.
        Interception-method: appnav-controller
        Current Service Node state : Operational
        Time Service Node entered current state : Mon Feb 11 20:25:07 2013
        System State: Running
    <snip>

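The "Package metadata" block above is where an operator can see what was actually installed and how it was signed, which matters because trust level is defined per platform and some platforms might allow unsigned applications. The following is an added example, not Cisco code and not part of the original slides: it parses that output and applies a hypothetical local policy (the approved-package list, the weak-digest set and the treatment of "N/A" are assumptions).

```python
import re

# Package metadata copied from the "show virtual-service detail" slide above.
SAMPLE_DETAIL = """\
  Package metadata:
    Package name            : ISR4451X-WAAS-5.2.0-b2.ova
    Application name        : ISR-WAAS
    Certificate type        : N/A
    Signing method          : SHA512
    OVA path                : /vol/harddisk/isr4451x-waas-5.2.0-b2.ova
  State                     : Activated
"""

# Hypothetical local policy (assumptions, not Cisco rules).
APPROVED_PACKAGES = {"ISR4451X-WAAS-5.2.0-b2.ova"}
WEAK_DIGESTS = {"MD5", "SHA1"}
UNSET = {"", "N/A", "NONE"}

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)\s+:\s+(.*\S)\s*$")


def parse_detail(text):
    """Collect every 'name : value' line of the CLI output into a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def audit_package(fields, approved=APPROVED_PACKAGES):
    """Return a list of findings; an empty list means the policy passed."""
    findings = []
    pkg = fields.get("Package name", "")
    if pkg not in approved:
        findings.append(f"package {pkg!r} is not on the approved list")
    # The installed OVA file should be the package the metadata names.
    if fields.get("OVA path", "").rsplit("/", 1)[-1].lower() != pkg.lower():
        findings.append("OVA path does not match package name")
    signing = fields.get("Signing method", "").upper().replace("-", "")
    if signing in UNSET:
        findings.append("no signing method recorded")
    elif signing in WEAK_DIGESTS:
        findings.append(f"weak signing digest {signing}")
    if fields.get("Certificate type", "").upper() in UNSET:
        findings.append("certificate type not reported; check platform trust level")
    return findings


if __name__ == "__main__":
    for finding in audit_package(parse_detail(SAMPLE_DETAIL)):
        print("FINDING:", finding)
```

On the slide's own output the only finding is the "N/A" certificate type, which the policy treats as a prompt to confirm what the platform's trust level permits.
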
Show Virtual Service Profiles

    router#show virtual-service profile name WAAS
    Virtual Service WAAS profiles:
    Name               Description                                   Allowed
    -----------------------------------------------------------------------------------
    ISR-WAAS-2500      ISR-WAAS profile for 2500 TCP connections     Yes
    ISR-WAAS-1300      ISR-WAAS profile for 1300 TCP connections     Yes
    ISR-WAAS-750       ISR WAAS profile for 750 TCP connections      Yes

    router#show virtual-service profile name WAAS detail
    Virtual Service WAAS Profile Details:
    Profile name : ISR-WAAS-2500
      Description : ISR-WAAS profile for 2500 TCP connections
      License name : ISR-WAAS
      License version : 1.0
      Resource admission : No
      Resource requirements :
        Disk space : 360879MB
        Memory : 8192MB
        CPU : 75% system CPU
        VCPUs : 6 (sockets:1 cores:6 threads:1)
    <SNIP>

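Profiles reserve fixed shares of the host's CPU and memory, so a profile can only be activated safely if the remaining headroom covers it. The following is an added example, not Cisco code and not part of the original slides: it parses the global limits shown earlier, checks that committed plus available equals the maximum, and reports which ISR-WAAS profiles still fit. It assumes admission is judged against the "Available" lines, that an exact fit is allowed, and it ignores disk.

```python
import re

# Lines copied from the "show virtual-service" global output on this page.
SAMPLE_GLOBAL = """\
Maximum memory for virtualization : 10240 MB
Maximum system CPU : 75%
Committed memory : 6144 MB
Committed system CPU : 25%
Available memory : 4096 MB
Available system CPU : 50%
"""

# CPU share (%) and memory from this page's ISR-WAAS profile table (4G/6G/8G as MB).
PROFILES = {
    "ISR-WAAS-750": {"cpu": 25, "memory": 4096},
    "ISR-WAAS-1300": {"cpu": 50, "memory": 6144},
    "ISR-WAAS-2500": {"cpu": 75, "memory": 8192},
}

LIMIT = r"^\s*(Maximum|Committed|Available) (?:system )?(memory|CPU)\b.*?:\s*(\d+)"


def parse_limits(text):
    """Return {(kind, resource): int}, e.g. ('Available', 'memory'): 4096."""
    limits = {}
    for kind, resource, value in re.findall(LIMIT, text, re.M):
        limits[(kind, resource.lower())] = int(value)
    return limits


def consistent(limits):
    """Committed + available should equal the platform maximum per resource."""
    return all(
        limits["Committed", r] + limits["Available", r] == limits["Maximum", r]
        for r in ("memory", "cpu")
    )


def shortfall(profile, limits):
    """Return the resources this profile would over-commit (empty list = fits)."""
    need = PROFILES[profile]
    return [r for r in ("cpu", "memory") if need[r] > limits["Available", r]]


def fitting_profiles(limits):
    return [name for name in PROFILES if not shortfall(name, limits)]


if __name__ == "__main__":
    lim = parse_limits(SAMPLE_GLOBAL)
    print("accounting consistent:", consistent(lim))
    for name in PROFILES:
        print(name, "short on:", shortfall(name, lim) or "nothing")
```
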
Connect to Virtual Service

    router#virtual-service connect name WAAS console
    Connected to appliance. Exit using ^c^c^c

    Cisco Wide Area Application Engine Console

    Username:

Show Virtual Service Log

    router#show platform software trace message virt-manager rp active
    02/14 19:16:13.370 [vman]: (debug): Request content
    02/14 19:16:01.337 [vman]: (debug): Finished continuation of show_trace_msg_request
    02/14 19:16:01.334 [vman]: (debug): Request content
    02/14 19:16:01.334 [vman]: (debug): Continuing show_trace_msg_request
    02/14 19:16:01.334 [vman]: (debug): Finished continuation of show_trace_msg_request
    02/14 19:16:01.334 [vman]: (debug): Application registered continuation for show_trace_msg_request
    02/14 19:16:01.334 [vman]: (debug): Registering show_trace_msg_request for continuation
    02/14 19:16:01.334 [vman]: (debug): Request content

Upgrade Virtual Service

    router#virtual-service upgrade name waas package?
      bootflash:  Appliance package
      cns:        Appliance package
      flash:      Appliance package
      harddisk:   Appliance package
      null:       Appliance package
      nvram:      Appliance package
      system:     Appliance package
      tar:        Appliance package
      tmpsys:     Appliance package

    router#virtual-service upgrade name waas package harddisk:isr4451x-waas-5.2.0-b2.ova

Un-install Virtual Service

    router#virtual-service uninstall name WAAS
    router#
    Feb 14 19:34:29.765: %VIRT_SERVICE-5-INSTALL_STATE: Successfully uninstalled virtual service WAAS
    router#

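Every install, activation and uninstall shown on these slides leaves a %VIRT_SERVICE-5 syslog message, which makes container lifecycle changes easy to watch centrally. The following is an added example, not Cisco code and not part of the original slides: it rebuilds per-service state from those messages and alerts on services outside an allow-list. It matches only the three message texts that appear on this page; the allow-list and the "probe1" line are constructed for illustration.

```python
import re

# First four lines are copied from the slides; the last one is constructed.
SAMPLE_LOG = """\
Feb 14 19:34:29.765: %VIRT_SERVICE-5-INSTALL_STATE: Successfully uninstalled virtual service WAAS
Feb 14 19:37:09.886: %VIRT_SERVICE-5-INSTALL_STATE: Successfully installed virtual service WAAS
Feb 14 19:53:02.070: %VIRT_SERVICE-5-ACTIVATION_STATE: Successfully activated virtual service WAAS
Feb 14 19:53:04.069: %LINK-3-UPDOWN: Interface VirtualPortGroup3, changed state to up
Feb 14 20:05:11.120: %VIRT_SERVICE-5-INSTALL_STATE: Successfully installed virtual service probe1
""".splitlines()

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:.]+): %VIRT_SERVICE-5-(?:INSTALL|ACTIVATION)_STATE: "
    r"Successfully (?P<verb>installed|uninstalled|activated) virtual service (?P<name>\S+)"
)
STATE_AFTER = {"installed": "Installed", "activated": "Activated", "uninstalled": None}


def track(lines, allowed):
    """Return (state per service, alerts) after replaying the syslog lines."""
    allowed = {name.lower() for name in allowed}
    state, alerts = {}, []
    for line in lines:
        m = EVENT.match(line.strip())
        if not m:
            continue  # unrelated syslog message
        ts, verb, name = m["ts"], m["verb"], m["name"]
        if name.lower() not in allowed:
            alerts.append(f"{ts}: unapproved virtual service {name!r} {verb}")
        if verb == "activated" and name not in state:
            alerts.append(f"{ts}: {name!r} activated with no install seen in this log")
        if STATE_AFTER[verb] is None:
            state.pop(name, None)
        else:
            state[name] = STATE_AFTER[verb]
    return state, alerts


if __name__ == "__main__":
    final_state, found = track(SAMPLE_LOG, allowed={"WAAS"})
    print(final_state)
    for alert in found:
        print("ALERT:", alert)
```
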
- ISR-WAAS Simplified Deployment
- REST API for automated CSR1000v deployment
- Nexus 3k, 5k, 6k & 7k support for open containers

Key Benefits with ISR4451-X ISR-WAAS

All in a box, simple to deploy. FULL FEATURED WAAS ACCELERATOR INSIDE.

Native
- Tighter Integration
- Service aware data plane AppNav
- Dedicated Resources

Simple
- 3 steps to setup within 10 minutes

Scalable
- Up to 2500 connections
- 150Mbps optimized WAN
- Embedded AppNav to expand w/ WAAS on UCS-E or externally

Step 1: Choose WAAS Profile

    Router# service waas enable

Step 2: Choose WAN Interface

Step 3: Verify and Activate

Cisco IOS Software in Virtual Form-Factor

CSR 1000V
- Selected Features of IOS XE primarily for Cloud Use Cases
- Server, Switch, Multi-Hypervisor (ESXi, KVM, Xen)
- Small Footprint (reducing from 4 vcpu to 1), Low Performance
- Elastic Capacity (10 Mbps and up Throughput, 2 to 8 GB RAM)
- RESTful APIs (leverages OnePK) for Automated Management

Enterprise-class Networking with Rapid Deployment and Flexibility

[Diagram labels: App; App; OS; OS; CSR 1000V; VPC/ vdc; Hypervisor; Virtual Switch; Physical Server]

Example: RESTful API for CSR1000v

[Diagram labels: REST API Web Interface written in Python; LXC Service Container; onepk API Infrastructure; IOS XE]

Nexus OS Open Container Architecture

[Diagram labels: User/3rd Party C, JAVA, Python Program; User/3rd Party C, JAVA, Python Program; Open LxC Service Containers; onepk API Infrastructure; NXOS (Nexus Platforms)]

What to Look For in the Future

Flexible Services from Cisco
- Virtual Services: Write once and run in many locations.
- Parity Across Devices: Identical features and feel on appliances, virtual devices and service containers.
- Simplified Install: Management tools and installation scripts to make working with services easier.

Additional Options for 3rd Party Services
- Partner Applications: Applications from third parties tested and certified by Cisco
- Customer Applications: More options per-platform for un-signed applications.
- Development Assistance: Application Development Kits and assistance available as a service.

More Install Options
- Platforms: More platforms being introduced with support for service containers.
- Modules: Modules in several platforms that can run the same service containers.
- Development Servers: Service Container support within dedicated servers.

Consistent, Powerful and Portable Network Applications

Thank you.