Solved: Re: Open Stack Integration with OnePK

softnet706 · ‎02-11-2014

Hello,

I am trying to understand, design and test a use case for integrating Open Stack Integration with OnePK. Currently we have All-in-One Pk and ODL VMs on ESXi hosts interfaced to physical/virtual network infrastructure southbound(Cisco IOS and vIOS routers/switches) and to be integrated to Open Stack systems Northbound. For Open Stack, the plan is to use Mirantis Open Stack with Red Hat Linux Open Stack Distribution as well as other open stack distributions.

I have the following queries:

1. Is there a onePK plugin available on OpenStack via the Neutron/Nova capabilities within OpenStack.

2. Can we run OnePK instances within the Open Stack compute node to replicate the OnePK VMs on ESXi hosts?

3. Also understand that tools like Puppet on Open Stack can be leveraged to automate configuration and Management.

What is the best way to go about integrating ( using a few or all of the above) or using elements of OnePk to program network elements from Open Stack.

Thanks and Regards,

Mohan

Joe Clarke · ‎02-13-2014

The onePK Java APIs are pure Java and will work on Android devices. OnePK provides a topology API that uses CDP to go hop-by-hop through a network to discover the topology. Look at the Topology Service Set. This will provide you a graph of edges and nodes that you can render in any way you see fit.

View solution in original post

Joe Clarke · ‎02-12-2014

Thanks for your interest in onePK, Mohan. I'll try and address your individual points.

No. There is no OpenStack plugin for onePK today in that there is no Neutron plugin that will allow it to speak onePK RPCs.
This is not supported today. The only supported means of running the IOSv instances is via the all-in-one VM environment's vmcloud infrastructure. We have a product in the works called Cisco Modeling Labs (CML). This is based on OpenStack, and provides images that allow you to run IOSv as well as other virtual operating systems (e.g., XRv, IOSXEv, NXOSv) within an OpenStack environment. That environment uses KVM at the moment. CML is slated for release next month as I recall.
The Nexus 9K can leverage Puppet. There is also work underway on a Puppet agent for other NX-OS platforms.

OnePK isn't geared toward provisioning at the moment. Meaning the device changes introduced via onePK do not persist once the application disconnects. So your OS plugin would need to remain connected to the device to continue to provide the desired operational state. If you want more persistence, one option is to consider using the VTY Service Set in onePK for the time being to interact with the CLI to make changes (while using other APIs to gather statistics). These changes can then be persisted as with other configuration.

softnet706 · ‎02-12-2014

Hi Joseph,

Thanks very much indeed and that is really helpful information regarding using VTY service sets in onePK for more persistence. On the same note, what we were planning to achieve is to discover the topology of a network ( using the topology API) from a Mobile client( ipad) for example connected via 3G to OpenStack and the underlying the ESXi infrastructure, and to perform various actions on the topology discovered via Open Stack. So it looks like currently we have to directly map this information from the Mobile client to the All-in-one PK on ESXi until CML is available. By the way are there are any Java/OnePK API's that can be instantiated from mobile clients (ipad or android for example) to discover Cisco routers and switches?

Thanks and Regards,

Mohan

Joe Clarke · ‎02-13-2014

The onePK Java APIs are pure Java and will work on Android devices. OnePK provides a topology API that uses CDP to go hop-by-hop through a network to discover the topology. Look at the Topology Service Set. This will provide you a graph of edges and nodes that you can render in any way you see fit.

View solution in original post

softnet706 · ‎02-25-2014

Hi Joseph,

Thanks very much for the update and sorry for my late reply. Just a quick one on the One PK Java API for Android devices, can we use it in the API set which already exists or do we have to request for Android APIs.Also, is there any road map towards One PK support for iOS/Apple devices.

Joe Clarke · ‎02-26-2014

You can use the Java SDK for Android development. Essentially, just import the onePK jars into your Android project. There is no specific Android SDK for onePK.

I have not heard of any firm plans to do an iOS port of the API libraries. However, you could build a web-based application off device with a mobile interface that makes onePK calls in the backend.

softnet706 · ‎02-27-2014

Hi Joseph,

Many thanks for this information and we will try and build applications for certain fail over scenarios (primary to secondary boxes) and extend this to an Android/Ipad device, which can give us an end of end view of the network from the mobile device to the end client(router) which involves topology discovery, interface mappings, IGP/EGP routing, may be even include IPsec in the mix using the various constructs of OnePK and instantiation of fail over from the end mobile device.

By the way, i am sorry going to bother you with another issue my colleague ran into when he was trying to extend the 3node ViRl topology on the All-in-one PK to a 4node topology. He was not able to decode the co-relation of vmcloud orchestrator with the default config and resulted in a parsing error when the 4node Virl file is executed.

The following additional code was added to the 3 node ViRl file and the file was saved as 4node ViRl text:

<node name="router4" type="SIMPLE" subtype="vios" location="371,407" vmImage="/usr/share/vmcloud/data/images/vios.ova">

<extensions>

<entry key="bootstrap configuration" type="String">/home/cisco/vmcloud-example-networks/4node/router4.con</entry>

<entry key="import files" type="String">/home/cisco/vmcloud-example-networks/4node/router4.p12</entry>

</extensions>

<interface name="GigabitEthernet0/0"/>

<interface name="GigabitEthernet0/1"/>

<interface name="GigabitEthernet0/2"/>

</node>

This results in the following error message when the file is executed:

cisco@onepk:~$ vmcloud netcreate -v /home/cisco/vmcloud-example-networks/4node/4node.virl 4node

Using default configuration: /etc/vmcloud/vmcloudrc

Launching NDE network ...

Traceback (most recent call last):

File "/usr/lib/python2.7/dist-packages/vmcloud/action/vmCloud.py", line 279, in netcreate

toponame)

File "/usr/lib/python2.7/dist-packages/vmcloud/parser/virlParser.py", line 245, in getVirlParser

toponame)

File "/usr/lib/python2.7/dist-packages/vmcloud/parser/virlParser.py", line 42, in __init__

self.validateVirl()

File "/usr/lib/python2.7/dist-packages/vmcloud/parser/virlParser.py", line 167, in validateVirl

src_intf = ctxt(src)[0].attrib['name']

IndexError: list index out of range

None

netcreate :list index out of range

NDE network launch: Failed

Thanks and Regards,

Mohan

chomjakrichard · ‎03-01-2014

Did you create configuration and certificate for router R4?

softnet706 · ‎03-03-2014

Hi chomjakrichard,

Thanks and yes i did and i have just posted the config file. For the certificate, do we have to generate a new cert for the new router?

Joe Clarke · ‎03-03-2014

I don't see your virl config file. Yes, you do need to generate a new cert for your new router using the createNEp12.sh script under ~cisco/.simpleCA.

softnet706 · ‎09-30-2014

Hi Joseph,

I have generated a certificate for a new vIOS router(R4) using the createNEp12 script . Just wondering how can i import this certificate to the new router R4.

Thanks.

chomjakrichard · ‎09-30-2014

For example

en
conf t
crypto pki import demoTP pkcs12 tftp://192.168.20.1/Router.p12 password cisco1

where password is same as you generated with createNEp12. demoTP is name of CA.

And IP is ip address of your TFTP server

For more information:

Virtualized environment without double virtualization with GNS3

and

How To Use the All-In-One SimpleCA For a Physical Router

(read comments)

softnet706 · ‎09-30-2014

Thanks for this..but in my case i am adding a few vIOS routers on the A-I-O VM, have generated certs for the new routers, but cannot login to them to import the certs and if i create "vmcloud netcreate ...." is giving me an Index error.

chomjakrichard · ‎10-01-2014

oh sorry, in your configuration file for vmcloud 4node.virl? Set path to

your certificates. Look into 3node config and you will see something like

"path/to/file.p12" and do it for your configuration.

2014-10-01 8:54 GMT+02:00 Mohan Kumar <community@cisco.com>:

Cisco Communities <https://communities.cisco.com/> Open Stack
Integration with OnePK
reply from Mohan Kumar <https://communities.cisco.com/people/softnet706>
in Developer > Networking > ACI > onePK - View the full discussion
<https://communities.cisco.com/message/165377#165377>

chomjakrichard · ‎10-01-2014

4node.virl

in case of router1

<entry key="import files" type="String">/home/cisco/vmcloud-example-networks/4node/router1.p12</entry>

change this path, where is your certificate.

If your path of certificate is different like "TFTP path" of AllinOne.

I am not sure if it will work, because what I know, AllinOne uses TFTP server for importing certificates to the router.

That's mean if your path of p12 certificates is not in "TFTP path" you router probably won't "download" these certificates correctly!

Richard CHOMJAK