VIRL Personal Edition March 2015 Webinar

VIRL Personal Edition
March 2015 Webinar
Cisco VIRL Engineering Team
March 24, 2015
Cisco Products based on VIRL
•
•
•
•
•
Individual Users, Developers, Students
Community Support Forum Only
15 Cisco VM (node) Limit
Single User Annual Subscription License
Purchased on virl.cisco.com
Cisco Modeling Labs
Corporate Edition
/dev/innovate
VIRL Personal Edition
•
Multi-purpose platform to innovate
for SDN / NFV / Cloud paradigms
•
•
•
•
Corporate Users
TAC Support
15 Cisco VMs (nodes) to start;
expansion packs available
Multi-user Annual Subscription License
AGENDA
Topic
Presenter
20 min
IOSvL2 Introduction to L2 Switching in VIRL in
VIRL Personal Edition
Joel Obstfeld
10 min
ASAv: Installation, Configuration and Operation in
VIRL Personal Edition
Ralph Schmieder
10 min
Packet Capture and Interface State
Brian Daugherty
15 min
NxOSv Deep Dive
Subhav Mittal
Prashant Jhingran
5 min
Q&A
IOSvL2: L2 Switching in VIRL
Joel Obstfeld
Layer-2 Switching in VIRL
•
Next VIRL release will include the IOSvL2 virtual machine image
•
Users will have the choice of using ‘Unmanaged-switch’ or ‘IOSvL2’
to provide switching service
How do you get the IOSvL2 image?
•
VIRL system upgrade will be required
•
Once completed, IOSvL2 image will be available for download via the
‘VIRL Software’ Panel in the User Workspace Management Interface
•
Click to select the IOSvL2 image and press the ‘start installation’
button
Unmanaged Switch
•
Icon represents a LinuxBridge multipoint switch instance in your topology
•
Switch is just another LinuxBridge
process running under Openstack
control with more than 2 devices
connected
•
No configuration required for the
Switch
•
Switch is transparent – will pass .1q
packets between routers
IOSvL2
•
Image counts against the
15-node limit in VIRL
Personal Edition
•
Runs just like any other
Virtual Machine in VIRL
•
Requires configuration to be
applied
IOSvL2
•
IOSvL2 requires 768Mb Ram, 1vCPU
•
Image based on IOS 15.2 Switch (DSGS branch)
•
Provides 16 GigE interfaces, Gi0/0 reserved for OOB
management
•
•
Ports run Gi0/[0-3], Gi1/[0-3], Gi2/[0-3], Gi3/[0-3]
Configured using ‘Build Initial Configurations’ function or
manually, just like other Cisco VMs
IOSvL2
•
Interfaces operate in Layer-2 (switchport) or Layer-3
•
•
System default is Layer-3 mode, must specifically be configured for Layer-2
(switchport) operation
VM supports Switched Virtual Interface (SVI)
SVI is used for OOB management using Vlan1 interface
• OOB used for configuration extraction
•
IOSvL2 – Build Initial configurations
•
Base configuration will set up all interfaces in Layer-2 mode
•
Ports are put into ‘access mode’ if a host or router is connected –
defaults to Vlan2
•
User can specify which Vlan to place a port in by setting Vlan attribute on the
router/host interface
•
IOSvL2 to IOSvL2 connection defaults to 802.1q Trunk mode
•
You can connect IOSvL2 to Unmanaged switches
•
•
Default configuration will put interface on IOSvL2 into Vlan2
Connecting IOSvL2 or Unmanaged Switches to a Flat ‘Cloud’ is not supported
L2 Switching in VIRL
High Level Walk Through
IOSvL2 - Features
•
Layer-2 forwarding (auto-config’d)
•
DHCP Snooping
•
Switchport (auto-config’d)
•
IP device tracking
•
802.1q trunk, 802.1q vlans (auto-config’d)
•
Switched Virtual Interfaces
•
Spanning Tree (auto-config’d)
•
Layer-3 forwarding
•
Port-Channel
•
Routing protocol support – be careful!
•
802.1x passthrough
•
Port mirroring (SPAN) is NOT supported
•
Port-ACLs
•
Private Vlans are NOT supported
•
Dynamic Arp Inspection
ASAv: Intro, Configuration
and Operation
Ralph Schmieder
ASAv Demo
Interface Control and Capture
Managing Interface States and Packet Capture in VIRL
Brian Daugherty
VIRL Interface Control and Capture
•
The next VIRL Personal Edition release (after v0.9.17)
will include two new capabilities:
o
Interface State Toggling
o
Interface Packet Capture
Interface State Control – Two Down States
Soft
Hard
x
Interface State Control – Soft Down
o Interface PHY state stays up
o Routing protocols will react
after hold timers expire
o Applies to IOS XRv and ASAv
Node is isolated
Interface State Control – Hard Down
o Interface PHY state goes down
x
o Routing protocols and others that
track state react immediately.
o Applies to IOSv, CSR1000v, NXOSv
Connection is lost.
Packet Capture – Two Modes
Remote PCAP
TCP Port @ VIRL IP
PCAP
Application
(WireShark)
Persistent
File @ UWM
Packet Capture - Flexibility
o Limit on time, packets, and size
o Filter using PCAP syntax
o TCP Port is user- or autoselected
o Capture files are persistent until
deleted or session is ended
Live Demo
Demo Setup
Seattle
Boston
Pings
West
10.0.0.10
East (XRv)
0/1
192.168.0.3
0/0/0/1
South
Dallas
192.168.0.2
10.0.0.26
0/0/0/2
192.168.0.7
10.0.0.13
NX-OSv Deep Dive
Accelerating Nexus feature
adoption with NX-OSv & VIRL
Prashant Jhingran pjhingra@cisco.com – Technical Marketing Engineer
Subhav Mital smital@cisco.com – Product Manager
March 2014
Abstract
Unleash the power of NX-OSv (Nexus OS virtual) for accomplishing
tasks like configuration validation, Network simulation, network
programming (NX-API) and hands on learning.
The objective of this session is to introduce NX-OSv (Nexus OS virtual),
a software simulating Nexus switch running as a VM. This session
would also talk about NX-OSv running in a VIRL (Virtual Internet
Routing Lab) environment. Finally this session would showcase how to
simulate network topologies comprising of various NX-OS features.
Panelist Introduction & Acknowledgements
•
Arkadiy Shapiro (arshapir)
•
Kaoru Yamashita (kyamashi)
•
Subhav Mital (smital)
•
Joerg Reinecke (joreinec)
•
Nathan Sowatskey (nsowatsk)
•
Andhi Indarto (aindarto)
•
Ralph Schmieder (rschmied)
•
Joel Obstfeld (jobstfel)
•
Patrick Tate (ptate)
•
Sonu Khandelwal (sokhande)
•
Ray Romney (romney)
•
Abhinav Modi (abmodi)
Agenda

Introduction to NX-OSv (Nexus OS virtual)
•
NX-OSv - a powerful tool
•
Different ways of exploring NX-OSv

Simulating Real World Use Cases & Success Stories
•
L3, L2, programmability
NX-OSv
Data Center Deployment Challenges
•
Configuration Validation, testing and prototyping
new features
•
Troubleshooting complex networking problems
•
Training and familiarity of NX-OS Operating
system without spending $$
•
Customer Demos/Training – Capex intensive
Solution: Cloud-ify NX-OS
•
Easily evaluate new features before it hits production –
self, customer & partner education
•
Create highly accurate models – simulate real world &
future networks
•
Ability to easily spawn switches on a convenient
orchestration tool – flexibility & agility
•
Ability to scale multiple nodes within seconds – zero or
lower capex
Introducing NX-OSv
•
•
Nexus OS virtual
NS-OSv is a software simulating Nexus switches running as
NX-OSv stands for
a VM
NOT an emulator
•
NX-OSv is
because the software data
plane does not emulate the Nexus hardware
•
It doesn’t simulate differences between N6K, N5k, N7k, N3k & N9k.
It’s a
reference platform for NX-OS
NX-OSv – Benefits – Why NX-OSv ?
• Conveniently build, test and deploy networks
• Rapid prototyping of new deployments
• Validate/verify network designs and configurations
• Reduction in expenditure on lab equipment
• Decrease time for deployment of new services
• Availability and ease of scaling resources
• Reducing risks due to configuration errors
NX-OSv - Endless Possibilities!
Configuration
& Validation
Hands on
Learning
NX-OSv
Network
Simulation
Programmatic
API
NX-OSv – Data Center Fabric Simulation
Features Verified on NX-OSv
Layer-3 Routing Protocols:
o BGP (MP-BGP)
o EIGRP (IPv4 & IPv6)
o ISIS
o OSPF and OSPFv3
o RIPv2
o Static Routing (IPv4 & IPv6)
Management/Security Protocols:
o AAA (LDAP, RADIUS, TACACS+)
o CDP and LLDP
o NTP
o SNMP
o Syslog
Multicast Routing Protocols:
o IGMP / MLD
o MSDP
o PIM / PIM6
First Hop Redundancy Protocols
o GLBP
o HSRP (IPv4 & IPv6)
o VRRP
Pre-Release Features may be available:
o AMT
o LISP
Programming
o Python
o NXAPI
Disclaimer: Some features such as NAC, Netflow and Policy Based
Routing (PBR) are configurable, but may not work. This may be
useful for CLI verification.
Unsupported Features on NX-OSv
Bi-Directional Forwarding (BFD)
Cisco TrustSec (Encryption)
HA – ISSU Software Upgrades
Layer-2 Switching (OTV is an exception)
Hardware (TCAM) Related Features:
Access Control Lists (ACL’s)
Control Plane Policing (CoPP)
Quality of Service (QoS)
Interface Counters
Port-Channel Interfaces (including vPC)
Port Security
Uni-Directional Link Detection (UDLD)
Virtual Device Context (VDC)
Q-in-Q Tunneling
802.1x (dot.1x)
Creating Topologies using
VIRL
- Simulating Real World Use Cases & Success Stories
Simulating Real World Use Cases & Success
Stories
Programming using NX-API
2. L2 – Fabric Path
3. L3 – DCI using BGP, MPLS
1.
Use Case #1 - Programming
using NX-API
Programming using NX-API
#Your python code
#!/usr/env python
JSONRPC/JSON/XML
Request/response
format
import json
import requests
url =
"http://172.25.91.139/ins"
HTTP/S
HTTP/S
payload = [{'jsonrpc': '2.0',
'method': 'cli', 'params':
['show version',1], 'id': '1'}]
………
jsonrpc
request/
response
NXAPI web server
NXAPI – Providing programmatic access to Nexus switches
over HTTP/S (returns output in easy to read JSON format)
Nexus 9K/7K/6K/5K/NX-OSv
Programming using NX-API
•
Key Ask in a DC fabric - monitoring /
periodic health check
CRC error monitoring
• Monitoring memory usage, interface stats etc.
• consistency check for parameters like vlan etc.
•
•
Python & NX-API solve this requirement
Use NXAPI to call various show commands
• Compare the vlans on all the switches or vPC pairs
• Configure the missing vlans, alert the user and add the vlan if needed
•
NX-API Developer Sandbox
A tool to convert NX-OS show
commands into consumable Python
format
nx-osv-1# show run nxapi
version 7.2(0)D1(1)
feature nxapi
nxapi sandbox
nx-osv-1#
Show Commands
Input in Python
Response in json-rpc
NX-API Developer Sandbox
http://<mgmt0_IP>
Programming using NX-API
Demo using Python scripts involving
NX-API
Use Case #2 – Fabric Path
Fabric Path – Simulating Leaf & Spine Nodes
Use Case #3 – DCI using
BGP, MPLS
DCI using BGP, MPLS
DC-1
DCI
DC-2
NX-OSv Demo
Q&A
Community Support Forum:
http://community.dev-innovate.com/c/virl
Cisco VIRL YouTube Channel:
https://www.youtube.com/channel/UC41WuzXlJCGY5qLsuZ8aHkQ
Or http://tinyurl.com/ok3rbje