APIC-EM and Software Defined in the Enterprise
TechUpdate November 2015
René Andersen, System Engineer
Cisco APIC-EM
An Application Platform for Enterprise WAN and Access Networks
• Virtual (ISO VM) or appliance-based
• Provides user policy abstraction and automation
• Simplification of complex network configuration with Cisco® application best practices
• Existing and new installations (Catalyst®, ISR, ASR, WLC)
Ready-to-deploy applications (October 2015):
• IWAN (with a license)
• Plug-n-Play (free)
• Path Trace (free)
BENEFITS:
• Brownfield support
• Ready-to-use applications
• Open, northbound API
APIC-EM Application Overview at GA
[Diagram labels: Enterprise Network, Branch, Public Cloud]
• Day 0, Plug-and-Play App: Zero touch deployment of routers / switches / APs. Accelerated roll-out: Eliminates tech visits and shrinks deployment from months to minutes.
• Day 1, Cisco IWAN App: Guided, fast auto-provisioning of IWAN solution with Cisco experts’ best practices. From 1000 CLI commands to 10 GUI clicks per branch.
• Day 2, Path Trace App: Discover path between two end points based on 5 tuple. Rapidly troubleshoot congestion and ACL issues and lower OPEX for trouble ticket processing by 98%.
APIC-EM PnP Application
Use Case: Auto-Discovery and Provisioning
[Diagram labels: IT, PnP Application, Network, SDN, New Router, New Switch]
BENEFITS:
• Simple Workflow
• Zero Touch Deployment. Shortened Deployment Time.
• Zero Touch Provisioning
• No On-Site Expert Needed
• Open Architecture
• Increased Security. Decreased Chance of Misconfiguration.
Network Plug and Play (PnP)
• No Staging Required: PnP Runs from Cisco Factory-Default Configuration
• Discovery: Device can reach PnP Server on APIC-EM
• Deployment: Device receives target image and configuration
Devices: Routers (ISR, ASR), Switches (Catalyst®), Wireless Access Points
Network Plug and Play (PnP) – Components
• PnP Agent: Runs on Cisco® switches, routers, and wireless access points. Automates the deployment process.
• PnP Server: Central Server on APIC-EM. Manages sites, devices, images, licenses, workflow. Provides Northbound REST APIs.
• PnP Protocol: Runs between Agent and Server. Open Schema.
• PnP Helper App [ Optional ]: Delivers bootstrap, status and troubleshooting checks.
• Cloud Redirect Service [ Optional ]
Roadmap Phase 2
[Console adapter labels: Redpark RJ45 / Apple 30pin, Redpark RJ45 / Apple 8pin, GetConsole Airconsole2.0 Bluetooth Adapter]
PnP – Discovery Options
Devices: Routers (ISR, ASR), Switches (Catalyst®), Wireless Access Points
1. DHCP Server: DHCP with options 60 and 43
   PnP string: 5A1D;B2;K4;I172.19.45.222;J80
2. DNS Server: DNS lookup
   pnpserver.localdomain ---- 172.19.45.222 (PnP Server)
3. Cloud re-direction - roadmap (Q4CY2015)
   https://devicehelper.cisco.com/device-helper re-directs to 172.19.45.22 (PnP Server)
4. USB-based bootstrapping
5. Manual - using the Cisco® Installer App
   iPhone, iPad, Android, (roadmap - Windows mobile and PC)
Others: Any other manual or automated discovery method – Scripting, AN, EEM, NAP, etc.
PnP – DHCP Discovery Example
Sample DHCP Server Config
    ip dhcp pool pnp_pool
     network 10.51.89.160 255.255.255.248
     default-router 10.51.89.254
     option 43 ascii "5A1D;B2;K4;I10.51.89.147;J80"
Resulting PnP Profile in running-config
    pnp profile pnp-zero-touch
     transport http ipv4 10.51.89.147 port 80
Option 43 Format
    5A = PnP DHCP ID
    1D = PnP DHCP debug on
    1o = PnP DHCP debug off
    token.K = <protocol> 1: XMPP-starttls; 2: XMPP-socket; 3: XMPP-tls; 4: HTTP; 5: HTTPS
    token.B = <address type> 1:host; 2:ipv4; 3:ipv6
    token.I = <remote server ip add / hostname>
    token.J = <remote server port>
    token.P = <server jid>
    token.N = user <name>
    token.O = <password>
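
An added example (not from the original slides and not Cisco code): a small Python parser for the option 43 string built from the token table above, which flags settings worth reviewing before a PnP rollout. Treating XMPP-socket and HTTP as cleartext is an assumption based on the protocol names, and every sample string other than the slide's own is constructed.

```python
# Audit Cisco PnP DHCP option 43 strings against the slide's token table.
PROTOCOLS = {"1": "XMPP-starttls", "2": "XMPP-socket", "3": "XMPP-tls",
             "4": "HTTP", "5": "HTTPS"}
ADDRESS_TYPES = {"1": "host", "2": "ipv4", "3": "ipv6"}
# Assumption: protocols without TLS in their name are unencrypted.
CLEARTEXT = {"XMPP-socket", "HTTP"}
NAMED = {"P": "jid", "N": "user", "O": "password"}

def parse_option43(value):
    """Split an option 43 ASCII string into its PnP fields."""
    header, *tokens = [t for t in value.strip().split(";") if t]
    if not header.startswith("5A"):          # 5A = PnP DHCP ID
        raise ValueError("not a PnP option 43 string: %r" % value)
    fields = {"debug": header.endswith("D")}  # 1D = debug on
    for tok in tokens:
        key, val = tok[0], tok[1:]
        if key == "K":
            fields["protocol"] = PROTOCOLS.get(val, "unknown(%s)" % val)
        elif key == "B":
            fields["address_type"] = ADDRESS_TYPES.get(val, "unknown(%s)" % val)
        elif key == "I":
            fields["server"] = val
        elif key == "J":
            fields["port"] = int(val)
        elif key in NAMED:
            fields[NAMED[key]] = val
        else:
            raise ValueError("unknown token %r" % tok)
    return fields

def audit(value):
    """Return the findings a reviewer would raise for this string."""
    f = parse_option43(value)
    findings = []
    if f.get("protocol") in CLEARTEXT:
        findings.append("cleartext transport: " + f["protocol"])
    if f["debug"]:
        findings.append("PnP DHCP debug enabled")
    if "password" in f:
        # DHCP replies are unauthenticated and unencrypted on the segment.
        findings.append("password carried in DHCP option")
    return findings

if __name__ == "__main__":
    for s in ("5A1D;B2;K4;I10.51.89.147;J80",                 # from the slide
              "5A1D;B1;K5;Ipnpserver.localdomain;J443",       # constructed
              "5A1D;B2;K4;I192.0.2.10;J80;Nadmin;Oexample"):  # constructed
        print(s, "->", audit(s))
```
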
PnP – Simple & Secure & Consistent
APIC-EM PnP Dashboard
APIC-EM PnP REST API Support
[Diagram: Customer’s Existing Automation Frameworks (i.e. Python scripts, configuration generator, etc) and APIC-EM Bulk Import/Export use the APIC-EM API / PnP REST API (Python), backed by the Device Repository and Database, to reach Switches (Catalyst), Routers (ISR/ASR) and Wireless AP]
APIC-EM IWAN Application
Use Case: Cisco Best Practices & Knowledge for SDWAN
[Diagram labels: IT, Business Policy: App SLA, IWAN Application, DMVPN, SLA QoS, Path Selection, Network, SDN]
BENEFITS:
• Simple Workflow
• Zero Touch Provisioning
• Network, Applications Monitoring
• From Weeks to Minutes
• Business Level Policies
• Over 1000 CLI commands reduced to 10 GUI Clicks
• Open Architecture
Note: IWAN App Release 1 targets less than 500 sites, 2 links per Branch with ISR4000.
IWAN App on APIC-EM
Step-by-Step Network and Hub Settings
Simple Policy Definition and Customization
Three main areas:
1. Hub site and settings
2. Administration of application policy
3. Branch site setup
Policy-Driven IWAN Site Deployment including PnP and Monitoring
APIC-EM Path Trace Application
Use Case: Accelerate Trouble-Ticket Processing
[Diagram labels: User, IT, Trouble Ticket, Path Visualization, Network, SDN]
• Simple Workflow
• Application Path Monitoring
• Easy visual discovery of trouble spots in communication path based on 5-Tuple
• Open Architecture
• OPEX for ticket processing decreased by 98%
• From 1.4 hours to 1 minute
APIC-EM Path Trace
Hop-by-hop Details specific to 5-tuple Path
APIC-EM Path Trace
"response": {
    "request": {
        "sourceIP": "212.1.10.20",
        "destIP": "65.1.1.6"
    },
    "lastUpdate": "Thu Apr 23 01:23:21 UTC 2015",
    "properties": [ ],
    "networkElementsInfo": [
        {
            "id": "424621be-d2b4-4d42-ad16-92d4d5c19fa4",
            "type": "WIRED",
            "ip": "212.1.10.20",
            "linkInformationSource": "Wired"
        },
        {
            "id": "8beada2e-cd2c-421d-941f-3ba42696c489",
            "name": "CAMPUS-Access1",
            "type": "SWITCH",
            "ip": "212.1.10.1",
            "ingressInterface": {
                "physicalInterface": {
                    :
Introducing APIC-EM and 3 Apps
EN TECHNOLOGY DIFFERENTIATION
[Diagram: Applications (Orchestration, Automation, Collaboration, Security), REST API, SOUTHBOUND ABSTRACTION LAYER, CATALYST | ISR | ASR | WIRELESS]
3 NEW APPLICATIONS
• Day 0 : Plug-and-Play App
  - Zero touch deployment of routers / switches / APs
  - Shrinks deployment from months to minutes
• Day 1 : Cisco IWAN App
  - Guided, fast auto-provisioning of IWAN solution with Cisco experts’ best practices
  - From 1000s of CLI commands to a few policy deployments with a few GUI clicks per branch
• Day 2 : Path Trace App
  - Discover path between two end points based
  - Lower OPEX for trouble ticket processing by 98%
APIC-EM Packaging and Deployment
Download or Preinstalled Appliance
• Cisco Appliance: APIC-EM installed, ready-to-go
  - or SKU: APIC-EM-APL-R-K9, APIC-EM-APL-G-K9
• Download: .iso image including ubuntu 14.04 64bit
  - available from: software.cisco.com, devnet.cisco.com
Built as a Linux Container
[Diagram: Grapevine (GV) Root and GV Clients in LXC Containers, Operating System, Server / Machine]
Standalone or Resilient Deployment
• 1 or 2 Nodes: active-active, Scale and HA
  - Software failure only
• 3 Nodes: active-active-active, Scale and HA
  - Software failure
  - HW failure of 1 node
APIC-EM Deployment Considerations
[Diagram, Bare Metal/HW Appliance: GV Root and GV Clients with Libs/Bins in LXC Containers, Operating System, Server Hardware]
[Diagram, Virtual Machine: GV Root and GV Clients with Libs/Bins in LXC Containers, Operating System, Virtual Machine, Hypervisor and/or Host OS, Server Hardware]
Before You Deploy: System Requirements
• Server: 64-bit x86 (supported by Ubuntu 14.04 LTS)
• vCPU: 6 (2.4 GHz) or more
• RAM: 64 GB (for single-host deployments) / 32 GB (for multi-host deployments)
• Storage: 500 GB HDD
  − Hardware-based RAID at RAID level 10
  − Disk I/O Speed: 200 MBps
• Network adaptor: 1 x
• Browser: Google Chrome (44.0 or later)
• Hypervisor: VMware vSphere 5.1/5.5 (for Virtual Appliance)
Scale Numbers
• Network Devices: 2000
• Access Points: 2000
• End Hosts: 20,000
Note: These scale numbers are for the APIC-EM platform and the base applications. Some other APIC-EM applications might have different scale numbers.
At GA: IWAN App Release 1 targets < 500 sites, 2 links per Branch with ISR4000
Devices Supported
General Availability Release
LAN (Device Series):
• Catalyst 2960-X/XR Series Switches
• Catalyst 2960-S Series Switches
• Catalyst 2960 Series Compact Switches
• Catalyst 3560 Series Compact Switches
• Catalyst 3650 Series Switches
• Catalyst 3850 Series Switches
• Catalyst 3750-X Series Switches
• Catalyst 3560-X Series Switches
• Catalyst 4500 Series Switches
• Catalyst 4500x Series Switches
• Catalyst 4900 Series Switches
• Catalyst 6500 Series Switches
• Catalyst 6800 Series Switches
• Cisco Nexus 5000 Series Switches
• Cisco Nexus 7000 Series Switches
• EtherSwitch Modules for Integrated Services Routers: SM-E22-16-P, SMES2-24-P, SM-D-ES2-48, SM-ES3-16-P, SM-ES3-24-P, SM-D-ES3-48-P
• Industrial Ethernet 2000 Series Switches
• Industrial Ethernet 3000 Series Switches
WAN (Device Series):
• 4000 Series Integrated Services Routers
• Integrated Services Routers Generation 2
• ASR 1000 Series Aggregated Services Routers
• ASR 9000 Series Aggregated Services Routers
• Cisco Cloud Services Router 1000v
WLAN (Device Series):
• Wireless LAN Controllers (IOS XE & AireOS)
Common Policy Model from Branch to Data Center
POLICY
• DATA CENTER, Cloud: Application Network Flow Profile (SLA, Security, QoS, Load Balancing)
• WAN AND ACCESS: User and Things Network Profile (QoS, Security, SLA, Device, Location, Role)
[Diagram labels: Data Center, WAN, Access]
CISCO® ADVANTAGE:
• BROWNFIELD AND GREENFIELD
• END TO END POLICY FRAMEWORK: FOCUS ON APPLICATION AND USER ENABLEMENT
You @ DevNet Developer Ecosystem
• 153 APIC-EM DevNet Companies
• 20 Average Growth per Month
devnet.cisco.com: Forum | Sandbox | API Index | Documentation
• Topology visualization across AWS and multiple controllers
• Compliance
• Securing SDN Controller Deployments
• Defense Force for Security
• UC Integration and monitoring
• Advanced Orchestration, Provisioning, Lifecycle Mgmt, and Customized Policies
• Application-aware Performance Management, Visualization, Granular Troubleshooting, Real-time analytics and Flow Visibility
Resources and Starting Points
• Demos in dCloud and DevNet Sandboxes (today still running EFT code, upgrading in the coming weeks)
• APIC-EM @ CCO: www.cisco.com/go/apicem
• APIC-EM @ DevNet: devnet.cisco.com/site/apic-em
• Cisco YouTube: https://www.youtube.com/watch?v=mUY5Er-fjOs