ios xe application hosting · 2021. 7. 19. · storage for application hosting: harddisk,...
TRANSCRIPT
Technical Marketing Engineering Technical LeaderJuly 2021
ISR, ASR, CSR and Catalyst Routing Platforms
IOS XE Application Hosting
Sumant Mali
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Become an event Top Contributor!
Participate in Live Interactive Technical Events and much more
http://bit.ly/EventTopContributors
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Rate content at the Cisco Community
Rate documents, Videos & blogs!
Help us to recognize the quality content in the community
Encourage and acknowledge people who generously share their
time and expertise
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
You can volunteer to host a Cisco Community Event!
Register here: http://bit.ly/cl-hostevent
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Community Expert
Sumant MaliTechnical Marketing Engineer
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Download Today’s Presentation
https://bit.ly/cl-slides0720
Thank You For
Joining Us Today!
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Use the Q&A panel to submit your questions and the panel of experts will respond.
They will be answered eventually
Submit Your Questions Now!
Please take a moment to complete the survey at the end of the event
edge… fog… cloud… each has its own place! ☺
Technical Marketing Engineering Technical LeaderJuly 2021
ISR, ASR, CSR and Catalyst Routing Platforms
IOS XE Application Hosting
Sumant Mali
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Agenda
Services PlaneEdge
Compute Solutions
Application Life-cycle
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• Are you deploying Application Services in WAN edge routers today?
A. Yes
B. No
Poll Question #1
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Edge Compute Solutions
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Edge Compute Evolution
Growing with increase in Data Processing across Industries
Virtual Assists
Self-driving and Connected
Intelligent Mobility
Healthcare Physical Security
Customized System Control
AgricultureEnergy Systems
Smart things
Manufacturing
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Snort, WAAS, UTD Services
Data Plane
Linux OS
Virtual Manager / IOxIOSd
Snort WAAS Other Apps
LXC KVM LXC CPU Cores Allocated
Management VPG
Traffic VPG Virtual Ports (VPG)
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Guest Shell = CentOS + Python
• 64-bit application environment with IOS XE
• Isolated user space- Fault, Resource isolation
• Access to bootflash• Linux Commands- Integrate
into existing Linux workflows• Integrated Python, Cisco CLI
python library for CLI operations and automated output collection
Scripts executed internally
Guest Shell(Python)
IOS XE
Python / YANG / CLI / EEM APIs
Intent-based Network Infrastructure
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
ZTP Workflow using Guest Shell
Device ON
Is config present?
Load config, exit
Start ZTP on Mgmt. and front panel ports
Send DHCP request on all L3 interfaces (Mgmt and vlan 1)
DHCP offer
received?
enter key Received
?
Option 67
present?(python)
Exit ZTP
Non-ZTP workflow
Fetch the python script in option 67
Start Guest Shell and execute script
Unconfigure Guest Shell
ZTP Complete
Yes
No
Yes
Yes
Yes
No
No
No
Yes
For your
Reference
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• Device to device path monitoring
Client-Server model Edge ComputeOpen doors for Rapid Innovations
Cloud Hosted / On Prem Server Application
WAN / Internet
Link Monitoring
• Client application at Edge Router
• Cloud hosted Server App
DNS Service
• Open doors for edge-compute for custom made applications in form of docker, LXC, KVM
AI/ML Networking
• Branch routers, Headend VoIP traffic monitoring
VoIP Monitoring
• Device health monitoring SNMP, telemetry, etc.
Device Monitoring
• Multi-cloud path visibility for DCA at WAN Edge
• IaaS – Edge Connectivity
Multi-Cloud Paths
• Monitor SaaS Services Performance from Edge Routers
SaaS Services
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Software-Defined AVC Solution
Custom rules(User, API, ML Deterministic)
Network Access Devices (IOS XE)
Control Plane
NBAR Data Plane
SD-AVC agent
SD-AVC Network Services
SD-AVC
Profiling & Probing
Profiling & ProbingAttributes Taxonomy
Cloud Update
Update & Control
Non NetworkProbe
Cloud Telemetry
App Rules Device Rules
Cisco SD-AVC Cloud
Apps Partners / 3rd party,
Office-365, Umbrella, etc
Device Classification
Partners / 3rd party, GUDID, FingerBank, etc
Control Plane
NBAR Data Plane
SD-AVC agentControl Plane
NBAR Data Plane
SD-AVC agent
Profiling & ProbingUpdate & ControlProfiling & ProbingUpdate & Control
Hosted as Container Application on Edge Router
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Provider Edge Smart ProbingTraditional Routing Network Performance Monitoring
Server Application
Client Application Client Application
Use-case:• 10 pps between two PE prefixes• 1 pps between Client and Server
e0e1e2e0e1e2
PE Router 1 PE Router 2
Gig0 Gig0
Network
Gig<x/y/z> Gig<x/y/z>
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Service Plane Architecture
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Edge Routing Platforms
ASR 1000
ISR 4000
ENCS 5400ISR1121-X
Catalyst 8300 Catalyst 8500 Catalyst 8200 uCPEISR1161-X
Catalyst 8200
SRIOVHypervisor/Cloud
Catalyst 8000V
CSR 1000V
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
What is Service Plane?Opens door for Edge Compute
Service Plane
Data Plane
Control Plane x86
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Service Plane ArchitectureISR 4000 Platforms
Control Plane 1c, Services Plane: 3c
Data Plane Cores
Multigigabit Fabric
FPGE
SM-X
NIM
FPGE
IOSd
App App
App
PUNT Path
ManagementEthernet
Service Plane
(control plane CPU)
KVM - Hypervisor
Hosted App
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Service Plane ArchitectureCatalyst 8300/8200/8500L Series Edge Platforms
I/O I/O Core
PPE Data Plane Core
CP Control Plane Core
SP Service Plane Core
Dynamic Core Allocation*
Service Plane Optimized
I/O
I/O PPE
PPE CP
SP SP
SP I/O
I/O PPE
PPE CP
PPE PPE
PPE
Data Plane Optimized
Hosted
App1
Hosted
App2
KVM — Hypervisor
IPS URL-F
LXC Container
AMP
UTD Engine
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
WAN Interfaces
IOS XE Data Plane
IOS XE Control Plane
x86 Processor
Linux
10 GE
N ModuleNIM/SM ModuleNIM/SM Module
2x1 GE
Route/ForwardingProcessor
Multi-Gigabit Fabric
(Internal)
Service Plane ArchitectureISR4K/C8300 Platforms with UCS-E Module
Internal Interfacesx86 Processor
Hypervisor
VNF
VNFApp
vSwitch
UCS-E Module
2x 1GE
1 GE
BMC
CIMC
App
Supported UCS-E Modules
UCS-E160S-M3/K9, UCS-E180D-M3/K9, UCS-E1120D-M3/K9
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Service Plane ArchitectureASR 1000 Platforms
MiscControl
ESPs
SSD
SIPs ESPs RP SIPs RPESPs SIPs SIPsRP
Quad Core CPU
Management BusInterconnect EOBC Switch
CPU Memory
Management
Ethernet
USBConsole
& Aux
NVRAM
Bootdisk
Stratum-3 Network
clock circuit
Card
Infrastructure
BITS
(input & output)
RP
Boot Flash
Output clocks
Inputclocks
PUNT Path
Quad Core CPU1 Core for App-Hosting
IOSd
App
Service CoreControl Plane CPU
KVM Hypervisor
Hosted App
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Quad Core CPU1 Core for App-Hosting
Bay 1Bay 2
QE/HE0/2/0
QE0/2/4
QE0/2/8
Bay 0
QE/HE0/1/0
TE0/0/4
TE0/0/6
TE0/0/5
TE0/0/7
TE0/0/0
TE0/0/2
TE0/0/1
TE0/0/3
TE0/1/0
TE0/1/2
TE0/1/1
TE0/1/3
QSFP28 Port
100/40G
QSFP28 Port
100/40G
QSFP Port40G
Chassis Mgmt.
CPLD/FPGAReset Ctrl
QFP 3.0 Data Plane
SDRAM SDRAM SDRAM
sTCAM80Mb
Packet Buffer Resource Memory sTCAM I/F
DDR4
EP1EP0Crypto
120Gbps 120Gbps
ManagementEthernet
PUNT Path
Service Plane ArchitectureCatalyst 8500 Series Edge Platforms
IOSd
App
Service CoreControl Plane CPU
KVM Hypervisor
Hosted App
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Service Plane ArchitectureC8200 Edge uCPE Platform
8-core CPU(No Hyperthreading enabled)
1 3 52 4 6 7 8
NFV
IS
Cata
lyst
80
00
v
IOS
d
Security
or
3rd
Part
y A
pp
licat
ion
Lin
ux V
M
Core
s
OV
S D
PD
K
Easy Orchestration from vManage in SD-WAN mode
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
vCPUs 1 2 4 8
Control 1/3 1/2 1/2 1/2
Service 1/3 1/2 1/2 1/2
Data 1/3 1 3 7
Default (Data Plane Heavy)
vCPUs 1 2 4 8
Control 1/3 1/2 1 1
Service 1/3 1/2 1 1
Data 1/3 1 2 6
Control Plane Heavy
vCPUs 1 2 4 8
Control 1/3 1/2 1 1
Service 1/3 1/2 1 1
Data 1/3 1 2 6
Service Plane Medium
vCPUs 1 2 4 8
Control 1/3 1/2 1 2
Service 1/3 1/2 1 2
Data 1/3 1 2 4
Service Plane Heavy
Service Plane ArchitectureCatalyst 8000V Series Edge Software
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• Only IOx LXC and KVM type containers are supported
• Docker workflow is supported
• Use ‘ioxclient’ utility to package as IOx package
Storage for Application Hosting: harddisk, bootflash, M.2 NVMe
Connectivity Options:• Access via the management interface
• Access via the front-panel ports
Application Hosting on IOS XE Routing Platforms
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
App-hosting Architecture Overview
Platform Specific Data Plane
Libvirt-QEMU-KVM
VM App1 VM App2IOSd
Control Plane
NGINX Web
Server
IOxCAF
Linux OS
ControlPlane
Data Plane
LXC App
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
LXC Package = Application binaries + Libraries run on host OS
Linux Container Type
App sizeIn MB
Host OS
Host System
Bins/Libs Bins/Libs
App A App B
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Kernel Virtual Machines
App size in GB
Hypervisor
Host OS
Host System
Guest OS Guest OS
Bins/Libs Bins/Libs
App A App B
KVM Package = Application binaries + Libraries + an entire Guest OS
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Shared Management i/f
Important Hardware Components
Multi-Core x86 CPU
64-bit SMP mode, hyper-thread support
Service Plane Cores
Guaranteed Core allocation
Memory and Storage
Dedicated RAM + Storage
Shared Punt Path
Control Plane + App Traffic
Out of Band Connectivity
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• Which platforms you would like to consider for edge compute applications in your network?
A. Branch Router
B. Aggregation (Hub) Router
C. Virtual Router
D. Options A, B & C
E. None
Poll Question #2
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Application Framework
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
IOx = IOS + LinuX
End-to-end Application Framework
MonitorApps, Data
DeployStart, Stop
Distribute
Life-cycle Management
Programmable APIs
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
IOS XE Application Framework*Native docker is not supported on Routing
Platforms.IOx Client Fog Director
Local Manager
RES
T
RES
T
REST
Cisco Application Framework (CAF)
Host OS (IOS XE Kernel)
OS Process
OS Kernel
VM
CLI
External Management Interfaces
On-Box Management Interfaces
Libvirtd
Linux Process
Docker
Dockerd
i oxman
YANG Netconf Client
Linux Process
LXC
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Application Traffic: Packet Flow
Packet Data Path
Management VRFIOSd
App VM1
NGINX Web Server
Cisco Application Framework
App VM2 App VM3
Internal Network
GigabitEthernet <x/y/z>
VirtualPortGroup <x>
GigabitEthernet 0
IOS XE
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Network Connectivity
• Support Layer 2-3 packets
• Applications are not aware of VRF configuration
Virtual Port Group (VPG) Interface Connection
• Layer 3 Routed mode
• Network Address Translation
• ip-unnumbered
Management GigabitEthernet0 Interface Connection
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
IOx Management TrafficApplication management
NGINX webserver frontends all http/https traffic
IOx RESTAPI and Local Manager WebUI traffic goes through NGINX
NGINX server connects through Mgmt-intf VRF
Application Management
Traffic
NGINX Webserver
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
IOx Application TrafficActual traffic served by Application
Built in Gateways to establish application connectivity
Internal VPG interface App traffic to Router data path
Up to 4 unique VPGs per application
VPG i/f
Data Path i/f
Application Container
Punt Path
Gig0
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Application Resource LimitsPlatform Dependent
iox-Router# show app-hosting resource
CPU:
Quota: 80(Percentage)
Available: 80(Percentage) !! Max App-hosting % CPU limit
Quota: 800(Units)
Available: 800(Units)
VCPU:
Count: 1 !! App-hosting CPU core limit for KVM
Memory:
Quota: 4096(MB)
Available: 4096(MB)
Storage space:
Total: 225280(MB)
Available: 203085(MB)
iox-Router#
vCPU: Allows to use minimum 1 vCPU (thread) per KVM Application
CPU Quota: % CPU at Linux (host OS) level allocated for App-Hosting
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Linux Level Connectivity
Serial Port Linux Device (/dev) Function IOS Exec CLI Command
serial0 ttyS0 Console connection#app-hosting connect appid<app-name> console
serial1 ttyS1Auxiliary connection (2nd
concurrent app console connection)
#app-hosting connect appid<app-name> aux
serial2 ttyS2Syslog and IOS console logging
#show logging
serial3 ttyS3 Application Trace logfile#app-hosting move appid<app-name> log to bootflash:
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Secure Framework
• Application Signature Verification
• Secureboot for Cisco signed applications
• Memory, CPU: bound by Control groups
• Process, files access: user namespace
• Disk usage: separate storage
• Network level isolation within applications
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Application Life-cycle
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
KVM Application Workflow
Convert disk image
Package App Deploy App
Prepare app descriptor file
Run the App
Create Package
Deploy Application
Run Application
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
code, build
LXC Docker WorkflowDevelop using Docker tool chain; Deploy using Fog Director
Dependency
Run-time
App
Develop Deploy and Manage
Cisco Docker Hub
IOx tools
IOx
ContainerYang API
Controller
Docker tools
PULL libraries
AppDeveloper
Docker
container
Benefits:• Leverage Developer familiarity of Docker tool chain• Easy to integrate IOx deployment with Enterprise DevOps Process
CLIPlatform
running IOx
Platform
running IOx
Platform
running IOx
IOx App
IOx App
IOx App
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Management Network: GE0
iox-Router#conf t
iox-Router(config)#interface GigabitEthernet0
iox-Router(config)#vrf forwarding Mgmt-intf
iox-Router(config-if)#ip address 1.100.40.26 255.255.255.0
iox-Router(config-if)#no shutdown
iox-Router(config-if)#exit
iox-Router(config)#ip default-gateway 1.100.40.1
iox-Router(config)#ip route 0.0.0.0 0.0.0.0 1.100.40.1
iox-Router(config)#ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0
1.100.40.1
iox-Router(config)#exit
iox-Router#Setup the default
gateway and route for management
network
Setup the external interface Gig0 IP address
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Enable IOx, disable signature verification
iox-Router#conf t
iox-Router(config)#iox !! enable the IOx CAF process
iox-Router(config)#exit
iox-Router# show iox-service
IOx Infrastructure Summary:
---------------------------
IOx service (CAF) 1.11.0.2 : Running
IOx service (HA) : Not Supported
IOx service (IOxman) : Running
IOx service (Sec storage) : Not Supported
Libvirtd 1.3.4 : Running
iox-Router#
Enable IOxapp-hosting
Make sure important IOx services are in
‘Running’ state
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
VPG configuration- with NAT
iox-Router#conf t
iox-Router(config)#interface VirtualPortGroup1
iox-Router(config-if)#ip address 192.168.0.1 255.255.255.0
iox-Router(config-if)#ip nat inside !! if NAT is desired
iox-Router(config-if)#no shutdown
iox-Router(config)#exit
iox-Router#VirtualPortGroupinterface acts as NAT inside interface
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
VPG configuration- with DHCP Pool
iox-Router#conf t
iox-Router(config)#interface VirtualPortGroup1
iox-Router(config-if)#ip address 192.168.0.1 255.255.255.0
iox-Router(config-if)#ip nat inside !! if NAT is desired
iox-Router(config-if)#no shutdown
iox-Router(config)#ip dhcp pool iox-apps
iox-Router(dhcp-config)#network 192.168.0.0 255.255.255.0
iox-Router(dhcp-config)#default-router 192.168.0.1
iox-Router(dhcp-config)#domain-name sample.com
iox-Router(dhcp-config)#dns-server 171.70.168.183
iox-Router(dhcp-config)#option 42 ip 171.68.38.65
1.100.30.113
iox-Router(dhcp-config)#exit
iox-Router(config)#ip dhcp excluded-add 192.168.0.0
192.168.0.2
iox-Router(config)#ntp master
DHCP pool allows flexible IP allocation in Application space. Suitable mode for Application Developer.
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
VPG configuration- without NAT
iox-Router#conf t
iox-Router(config)#interface VirtualPortGroup1
iox-Router(config-if)#ip unnumbered GigabitEthernet0
iox-Router(config-if)#ip helper-address 1.100.30.114
iox-Router(config-if)#no shutdown
iox-Router(config)#ip dhcp pool iox-apps
iox-Router(dhcp-config)#network 192.168.0.0 255.255.255.0
iox-Router(dhcp-config)#default-router 192.168.0.1
iox-Router(dhcp-config)#domain-name sample.com
iox-Router(dhcp-config)#exit
iox-Router#
VPG using unnumbered configuration and Public IP as helper address.
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
App-VNIC and Gateway Configuration
iox-Router#conf t
iox-Router(config)#app-hosting appid myapp
iox-Router(config-app-hosting)#app-vnic gateway0
virtualportgroup 0 guest-interface 0
iox-Router(config-app-hosting-gateway0)#end
iox-Router#Attaching logical gateway for specific VPG i/f and binding it to guest interface
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
App Life-cycle: install, activate, start…app-hosting install appid myapp package flash:myapp.tar
app-hosting activate appid myapp
app-hosting start appid myapp
app-hosting uninstall appid myapp
app-hosting deactivate appid myapp
app-hosting stop appid myapp
install activate start
uninstall deactivate stop
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Connect to Application Consoleiox-Router# app-hosting connect appid myapp ?
aux Connect to aux
console Connect to console
session Connect without login for only Docker app
iox-Router#
Easy access to App console or aux (2nd console) using Router exec ‘connect’ CLI.
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Application Management
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
WebUI HTTP Configuration: NGINX Webserver
iox-Router#conf t
iox-Router(config)#username cisco privilege 15 password 0
cisco
iox-Router(config)#ip http server
iox-Router(config)#ip http authentication local
iox-Router(config)#ip http secure-server
iox-Router(config)#exit
iox-Router#
Enabling HTTP/HTTPS for NGINX Webserver on router and local user credentials
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
WebUI dashboard
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Local ManagerDemo
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Yang Models for App-hosting
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
End-to-end Workflow using Yang APIs
Cisco-IOS-XE-app-hosting.yangCisco-IOS-XE-app-hosting-cfg.yang
Cisco-IOS-XE-app-hosting-oper.yang
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
RPC Calls using Yang APIs
Activate
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
<app-hosting xmlns="http://cisco.com/ns/yang/Cisco-IOS XE-rpc">
<activate>
<appid>myapp</appid>
</activate>
</app-hosting>
</rpc>
Start
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
<app-hosting xmlns="http://cisco.com/ns/yang/Cisco-IOS XE-rpc">
<start>
<appid>myapp</appid>
</start>
</app-hosting>
</rpc>
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• How much traffic bandwidth is required for your intended edge compute application?
A. Up to 10 Mbps
B. 10 to 100 Mbps
C. 100 to 500 Mbps
D. 500 to 1000 Mbps
E. More than 1 Gbps
F. Not sure
Poll Question #3
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Troubleshooting, References
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Troubleshooting: Life-cycle Issue
• Incorrect package location• Incorrect IOx tar format
Install Issue
• Interface not associated• Resource not available
Activation Issue
• package.yaml related or• App specific coding issue
Start Issue
• Console config missing at Application level
Console Access
For your
Reference
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
iox-service Status
iox-Router# show iox-service
IOx Infrastructure Summary:
---------------------------
IOx service (CAF) 1.11.0.2 : Running
IOx service (HA) : Not Supported
IOx service (IOxman) : Running
IOx service (Sec storage) : Not Supported
Libvirtd 1.3.4 : Running
iox-Router#
Make sure important IOx services are in
‘Running’ state
For your
Reference
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Per Application Resource Utilization
iox-Router# show app-hosting utilization appid myapp
Application: myapp
CPU Utilization:
CPU Allocation: 4000 units
CPU Used: 12 %
Memory Utilization:
Memory Allocation: 1900 MB
Memory Used: 25472 KB
Disk Utilization:
Disk Allocation: 10 MB
Disk Used: 0.00 MB
iox-Router#
Per Container resource utilizationFor CPU, Memory
and Storage
For your
Reference
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
IOx KVM App CPU Loads
iox-Router# show processes cpu platform sort
top - 05:09:53 up 13 days, 4:32, 0 users, load average: 1.62, 1.76, 1.75
Tasks: 336 total, 2 running, 334 sleeping, 0 stopped, 0 zombie
%Cpu(s): 7.7 us, 12.0 sy, 0.0 ni, 75.2 id, 0.0 wa, 0.0 hi, 5.1 si, 0.0 st
MiB Mem : 15564.4 total, 10001.4 free, 1871.4 used, 3691.6 buff/cache
MiB Swap: 0.0 total, 0.0 free, 0.0 used. 13339.2 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
Pid PPid 5Sec 1Min 5Min Status Size Name
-------------------------------------------------------------------------------
-
8111 1 198% 114% 0% S 2436014080 qemu-kvm
20770 19740 1% 1% 1% S 704102400 repm
‘qemu-kvm’ process running KVM package
For your
Reference
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
IOx LXC App CPU Loads
iox-Router# show processes cpu platform sort
CPU utilization for five seconds: 16%, one minute: 3%, five minutes: 13%
Core 0: CPU utilization for five seconds: 100%, one minute: 22%, five minutes:
6%
…
Core 7: CPU utilization for five seconds: 0%, one minute: 0%, five minutes:
44%
Pid PPid 5Sec 1Min 5Min Status Size Name
-------------------------------------------------------------------------------
-
12637 12612 99% 0% 0% R 4431872 yes
23171 22847 21% 3% 1% S 494772224 smandIdentify the process responsible for LXC
Applicatione.g. ‘yes’ process
running Guest Shell
For your
Reference
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Application tracelogs, IOx Infra techsupport
iox-Router# app-hosting move appid myapp log to bootflash:
Successfully moved tracelog to bootflash:
iox_myapp_R0-0.13102_0.20200314095020.bin.gz
iox-Router#
iox-Router# app-hosting move system techsupport to ?
bootflash: Destination path
flash: Destination path
harddisk: Destination path
webui: Destination path
iox-Router#
iox-Router# app-hosting move system techsupport to bootflash:
Successfully moved tech support to bootflash:/tech_support_2020
-03-11_00.44.54.tar.gz
iox-Router#You can unzip and read
tracelogs, they are saved as text, no binary
‘app-hosting move’ CLI to capture app-specific tracelogs
For your
Reference
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
WebUI Connection Troubleshooting• Issue: Browser SSL Errors (e.g. ERR_SSL_PROTOCOL_ERROR)
• Happens mostly due to stale Self-Signed Certificate
• Recovery Steps: Regenerate Self-Signed Certificate
• Disable NGINX Server using ‘conf term’ → ‘no ip http secure-server’
• Remove Self-Signed Certificate
• Find using ‘show run | include crypto pki trustpoint’
• Remove listed cert using ‘conf term’ → ‘no crypto pki trustpoint <certID>’
• Verify removal using ‘show run | include crypto pki trustpoint’
• Enable NGINX Server using ‘conf term’ → ‘ip http secure-server’
• Verify new Self-Signed Certificate using ‘show run | include crypto pki’
• Save config, reload using ‘write mem’ → ‘reload’
• Once Router is reloaded try to connect to WebUI, “https://<Router-ip>:443”
For your
Reference
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
KVM and LXC Package Creation
• Package Descriptor:
https://developer.cisco.com/docs/iox/#!package-descriptor/iox-package-descriptor
• KVM Workflow:
https://developer.cisco.com/docs/iox/#!vm-applications-overview
• LXC Workflow:
https://developer.cisco.com/docs/iox/#!lxc-workflow
• Setup docker environment for IOx:
https://developer.cisco.com/docs/iox/#docker-images-and-packages-repository
For your
Reference
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
App-Hosting Yang Model
• 17.4.1 Repository:
• https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/1741
• App-Hosting Yang Models:
• Cisco-IOS-XE-app-hosting-cfg.yang
• Cisco-IOS-XE-app-hosting-oper.yang
• Cisco-IOS-XE-app-hosting.yang
• Yang Model: Cisco-IOS-XE-rpc.yang
For your
Reference
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Key Takeaways
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Edge Compute Design for WAN Edge Routing
Cisco Application Framework02
Easy Management03
Modular, Secure Application Space04
Service Plane on Routing Platforms01
x86 Service Plane Architecture
“Edge Compute for Enterprise WAN Edge is set to evolve
alongside 5G Cellular WAN & Data Optimization Solutions!”
Easy Management CLI, API, WebUI
End-to-End FrameworkIOx = IOS + LinuX
Modular, Secure Application Space
x86
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Submit Your Questions Now!
Use the Q&A panel to submit your questions, our expert will respond
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Ask Me Anything
ASK ME ANYTHING
Till July 30th, 2021With Sumant MaliParticipate: https://bit.ly/cl-ama0720
Sumant Mali
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• @Cisco_Support
http://bit.ly/csc-twitter
• Cisco Community
http://bit.ly/csc-facebook
Collaborate within our Social Media
Learn About Upcoming Events
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
We invite you to review our Social Media Channels
• Cisco Community
• http://bit.ly/csc-linked-in
• Cisco Technical Support
App
Learn About Upcoming Events
• Cisco Community
• http://bit.ly/csc-youtube
YouTube
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Comunidade da Cisco Portuguese
Сообщество CiscoRussian
Comunidad de Cisco Spanish
シスココミュニティJapanese
思科服务支持社区Chinese
Cisco has support communities in other languages!If you speak Spanish, Portuguese, Japanese, Russian or Chinese we invite you to participate & collaborate
NEWCommunauté Cisco
French
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
More IT Training Videos and Technical Seminars on the Cisco Learning Network
View Upcoming Sessions Schedulehttps://cisco.com/go/techseminars
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Thank you for Your Time!
Please take a moment to complete the survey
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Thank you for participating, you earned a discount!
Redeem your 35% discount offer by entering code: CSC when checking out.
http://bit.ly/Community-CiscoPress2020
Cisco Press
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Thanks For Joining today!