BRKDEV-1001 14592_05_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public


Application eXtension Platform (AXP)

BRKDEV-1001


Agenda
1. Introduce the ISR and Service Module
2. Why AXP?
3. AXP Use Cases
4. AXP Architecture
5. Development Cycle
6. Packaging and Installing
7. AXP API
8. CLI Plug-In
9. Debugging
10. Failure Detection

Traditional Business Solution: Separate Applications and Appliances
Security: Firewall, IDS and VPN Appliances
Application Optimization: File Engine
Voice Services: Hybrid/Key System
Data: Branch Access Router
Local Connectivity: LAN Switch

Integrated Solution for Advanced Services

Integrated Services Router
Embedded Security, Voice Ready, Application Optimization, L2 Switching, Network Analysis

The Value of Integration
Overlay Appliances: 3G Modem, Router, Switch, Wireless LAN, WAN/App Optimization, Security Appliance, Voice Appliance
vs.
Integrated Services Router: Cisco ISR 3845 with Voice, Wireless, Video, WAN Optimization, Switch

Over 70% OpEx Reduction
[Chart: Total Cost of Ownership, Direct and Indirect Costs, for Competitive Overlay Appliances and the Cisco Integrated Services Router. Cost categories: Revenue Loss, Employee Productivity, Unplanned Downtime Losses, Planned Downtime Losses, Maintenance Contracts, Facilities (Space, Power, Cooling), Implementation Costs, NMS Costs]

Integrated Services Routers Portfolio
[Diagram: Performance and Services Density]
Series: 3800 Series, 2800 Series, 1800 Series, 800 Series
Capability labels: Feature Breadth and Scale at Highest Performance; High Density and Performance for Concurrent Services; Embedded, Advanced Voice, Video, Data, and Security Services; Embedded Wireless, Security, and Data
Segments: SP/Edge, Head Office, Branch Office, Small Branch, SMB, Small Office and Teleworker

Router-Integrated Services
Extending the Platform by Integrating Applications and Services
Security: Intrusion Detection; Network Access Control, Cisco IOS VPN, Cisco IOS Firewall, Cisco IOS IPS, 802.1x
Voice/Video: Cisco Unity Express Voicemail; Extended Voice Module, Call Manager Express, Auto Attendant
Application Optimization: Content Engine; AONs, TCP Optimization/Compression
Network Analysis: Network Analysis Module; IP-SLA, QoS, NBAR, NetFlow

Why Application eXtension Platform (AXP)?

Cisco’s New Application Services Strategy


Integrated Services in the Empowered Branch: Current Limitations and Needs
Integrated Services Routers services: Security, IP voice and video, WAN/app optimization, Mobility, Monitoring
User Applications
WAN/LAN Access

Only Cisco-developed services are integrated
Customers, system integrators, and ISVs would like to add their own value-added functionality into the router
They don't just want to host applications but to integrate their applications into the network to solve business problems

Solution—AXP
Provides the Ability for Customers, Third-Party System Integrators, Managed Service Providers, and ISVs to Integrate Custom Services into Cisco's Integrated Services Routers

[Diagram labels: Programmatic Router Integration; New Application; Consolidation; Physical Capabilities. Value-Added Services: Prop. Logic, Custom Scripts, Bus. App. Components, Network Utilities. Audiences: Enterprise, MSPs, Integrators, ISVs]

Application eXtension Platform

June 2008

Secure Network Integrated Infrastructure to Host Branch Applications

AIM-102: 256 MB, 1 GB, Intel Celeron; Embedded Lightweight Apps
NME-302/522: 512 MB–2 GB, 80/160 GB, Intel Celeron Pentium M; General-Purpose and Packet Services

SDK and Development Portal
AXP Partner Program
AXP Development Services
AXP Advanced Services

Linux-based integration environment
Certified libraries to implement C, Python, Perl, and Java applications
Multiapp support with ability to segment and guarantee CPU, memory, and disk resources
Extensible Cisco CLI with Cisco IOS® APIs
Cisco ISR 1841, 2800, 3800 Series support

Customer Benefits
  Server consolidation
  Lowers branch TCO
  Network/app integration
  Standards compliance: HIPAA, PCI, SOX, etc.
  "Green"

AXP Use Cases

Design/Configuration of Common Deployment Models


Network-Aware Applications
Use case: router configured with a high-bandwidth link for primary and a low-bandwidth link for failover; the application utilizes the high-bandwidth link to provide services to local clients

Network failover with a typical application
  Router fails over to low-bandwidth link
  Application is not aware of the drop in capacity
  Continues with normal operation
  Loss of service and unpredictable behavior occurs

AXP network-aware application
  Router notifies application of bandwidth change
  Application queries router to determine the current state of the outage
  Application alters behavior based on new information
    Requests low-bandwidth version of data
    Limits requests to high priority items only
  Dynamically alters router settings based on business rules
    Settings based on business situation (time of day)…

[Diagrams: Normal Operation; Network Failover; Network Failover with AXP App]

High Availability—Network-Based Failover for Branch Applications
Branch utilizes a local AXP-based embedded application
  Branch initiates a request
  Router intercepts request and delivers to the AXP-based app
  AXP application responds to branch
If the local instance fails, the router bypasses the intercept and forwards the request to a centralized global failover server
Utilizes the network for redundancy
Supports standard TCP-based applications
Saves on costly HA infrastructure in the branch

Use Case: Custom Network Services
Problem
  IT policy prevents deployment of additional physical servers in the branch
  Difficult to perform basic network management or troubleshooting

Solution
  Custom network utilities to monitor and troubleshoot the network
  X-Windows access allows admin to view packets and utility results in real time
  Custom SLA utilities to measure performance
  Augmented with Cisco-supported network utilities

Benefits
  Platform to enable service providers to enable their own tools and monitoring utilities
  Management of customer networks (new services)
  Local survivability of business services

Use Case: Packaged Network Utilities
Problem
  Various core network-based services such as DNS, DHCP, and AAA need to be resident in each remote site, but centrally managed

Solution
  ISR with AXP hosting multiple common network utilities (DNS, DHCP, TFTP, AAA)

Benefits
  Better service to end-customer (performance, availability)
  Integrated solution with lower TCO than other solutions
  No additional appliances; conservation of physical space
  Centrally managed

[Diagram: Remote Site connected over the WAN; ISR hosting AAA, DNS, DHCP, NTP, Syslog, TFTP, Telnet, SNMP, …; Local Network-Based Utilities for LAN-Side Clients, WAN Outage Survivability, etc.]

Use Case: Unified Communication (UC Apps)
Examples
  Speech capabilities at enterprise branches
    Speech capability on ISR blade can be leveraged by multiple applications: IVR, Cisco Unity® Express, Contact Center Express
  Branch voice recording
    Lightweight recording/retrieval modules on ISR to support ad-hoc recording, to minimize WAN bandwidth and support recording survivability

UC apps ported on AXP
UC apps interwork with CME
AXP offers hosting environment and Cisco IOS integration

[Diagram labels: Cisco ISR; Cisco IOS (Configuration, Monitoring, Event Trigger); Cisco CallManager Express; Control Plane; Data Plane; Cisco IOS Interface; AXP Module (Logging/Debugging Facilities, Third-Party Applications, CUAE, AXP); AUX, GE-1, GE-2]

AXP Architecture and Technical Overview

Overview of the Service Module and the Host ISR Platform


AXP Technical Overview
Dedicated Application Resources
  Dedicated CPU, memory, and disk
  Application separated from core router functionality

Standards-Based Hosting Infrastructure
  Hardened Cisco Linux OS with virtualization
  Complete install/upgrade packaging utilities
  Full appliance functionality
  Logging and debugging infrastructure

Programming Support
  Support for native x86 C/C++
  Java support with optional OSGI and Tomcat
  Scripting support (BASH, Perl, Python)

Cisco IOS APIs Integrate the Application into the Network
  Programmatically configure and monitor Cisco IOS
  React to changes in network conditions
  Programmatically influence routing, QoS, and IP-SLA
  Monitor packets flowing through network

Value-Added Features
  Serial tunneling providing application access to external devices
  Syslog server to store logs from router and other local devices
  NetFlow collector to persist and analyze flows locally

[Diagram labels: Cisco ISR; Cisco IOS (Configuration, Monitoring, Event Triggers, Control Plane, Data Plane); Cisco IOS Interface; AXP Module (Logging/Debugging facilities, Extensible Cisco IOS-Like CLI, (C/C++) App and Perl/Python Virtual Instance, Java Application and OSGI Java Virtual Instance, Cisco Linux OS); AUX, GE-1, GE-2]

AXP—Virtualization
AXP natively supports virtualization
  Enhanced security
  Library independence
  Resource isolation
  Minimal memory overhead

[Diagram labels: CPU, Index, Remaining]

Supported Hardware
AIM-APPRE-102-K9
  CPU: 300 MHz
  Memory: 256 MB
  Compact Flash: 1 GB

NME-APPRE-302-K9
  CPU: 1.0 GHz
  Memory: 512 MB
  Disk: 80 GB

NME-APPRE-522-K9
  CPU: 1.4 GHz
  Memory: 2 GB
  Disk: 160 GB

ISR Routers Supported
[Table: support for the AIM 102, NME 302 and NME 522 modules on the 1841, 2801, 2811, 2821, 2851, 3825 and 3845]

Networking
[Diagram: Cisco ISR (Router) running Cisco IOS, with WAN Int to the WAN and LAN Int to the LAN. AXP Blade (NME), running Linux: eth1, and eth0 on the Gigabit Ethernet Backplane; Integrated Service Engine 1/0 Interface. AXP Blade (AIM): eth0 on the Fast Ethernet Backplane; Service Engine 0/0 Interface.]

Development Cycle


Development Process (SDLC)
1. Develop in dev environment (FC4 is binary compatible; other versions supported by updating libraries)
2. Package
   Package AXP pkg (use wrapper scripts)
3. Install on AXP blade
   Install AXP package
   FTP or rsync files (executable update)
4. Test/debug
   Linux shell
   Review messages.log
5. Synchronize files
   Local app logs/syslog in VI
6. Package final working application

Accessing the Guest Shell
Each installed application has its own virtual instance and shell
To access the shell, you can implement one of these two methods

Method 1
  Your application can depend upon package axp-appdev.<platform>.<version>.pkg
  This debug package also supports SSH access to the application guest shell and rsync

Method 2
  You can include a post-install.sh script in your build; in this script you'll create a symbolic link to /bin/bash
    #!/bin/sh
    ln -s /bin/bash /bin/console
  Be sure to make this script executable and reference it in your packaging command line

Development Process—Production
Stages: SDK, Develop, Package, Installation

Development Machine
  Linux (FC4)
  Tools (Compiler, Make, IDE)
  SDK (Packaging Scripts, API Headers/Libs for Various Languages)

Source Code, Compile, Binaries
Binaries + Auth File + Private Key, Package, AXP .pkg

ISR, AXP Blade
  CLI> software install add url ftp://.....AXP.pkg

AXP SDK


AXP SDK
File name
  axp-sdk<version>.tar.gz

Includes
  Packaging and bundling tools
    RPM extractor: rpm_extractor.sh
    Package information: pkg_info.sh
    Package builder: pkg_build.sh
    Library dependency checker: pkg_check.sh
  APIs
  CLI plug-in utility tools

Packaging and Installation


Application Packaging
Inputs
  Vendor's X.509 Certificate (Includes Public Keys)
  Checksum of Certificate Encrypted with AXP Private Key
  Vendor's Private Key
  Application Files

Flow: Sign Application Files, Compress Application Files, Signed Application Bundle, Install/Update

Security Enforcement via Certificate
Unauthorized software will not be allowed to be loaded into operating system
  Enforced through cryptographic signatures
  Verify packages have been signed by Cisco

Application vendors will not have access to private Cisco keys for package signing
  Need to manage their own public/private key pairs

Managing permissions
  Cisco responsible for managing permissions to install software into AXP environment
  Cisco will provide third-party vendors a checksum of their X.509 certificate encrypted with AXP OS private key
  key becomes authorization

Application Authorization Process
[Diagram: Application Vendor, Trusted Certificate Authority (TCA) and Cisco, with arrows numbered as below]

1. Generate certificate request
2. Request certificate signing from TCA
3. TCA responds with signed X.509 certificate
4. Request software development authorization (include signed certificate)
5. Verify certificate authority
6. Respond with software development authorization certificate
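
The packaging, certificate enforcement and authorization slides above describe a three-party trust chain: a CA certifies the vendor key, the platform owner authorizes that certificate, and the installer checks both before accepting signed files. The following is an added example, not Cisco's package format or SDK code: a toy Python model in which textbook RSA over Mersenne primes stands in for real X.509 signing, and every function name and key below is constructed for illustration.

```python
"""Toy model of the AXP package trust chain (added example, not Cisco's format)."""
import hashlib
import json

E = 65537  # public exponent used by every toy key below

def make_key(a, b):
    """Textbook RSA key from the Mersenne primes 2**a-1 and 2**b-1 (illustration only)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _enc(obj):
    """Canonical byte encoding of a certificate or manifest."""
    return json.dumps(obj, sort_keys=True).encode()

def _h(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(key, data):
    # Unpadded RSA over SHA-256; a stand-in for a real signature scheme.
    return pow(_h(data), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == _h(data)

def ca_issue(ca_key, subject, vendor_n):
    """Steps 1-3: the trusted CA signs the vendor's certificate request."""
    tbs = {"subject": subject, "n": vendor_n}
    return {"tbs": tbs, "ca_sig": sign(ca_key, _enc(tbs))}

def platform_authorize(platform_key, ca_n, cert):
    """Steps 4-6: verify the CA signature, then sign the certificate checksum."""
    if not verify(ca_n, _enc(cert["tbs"]), cert["ca_sig"]):
        raise ValueError("certificate not issued by the trusted CA")
    return sign(platform_key, _enc(cert))

def build_package(vendor_key, cert, authorization, files):
    """Vendor side: hash each file, sign the manifest, attach cert and authorization."""
    manifest = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    return {"cert": cert, "auth": authorization, "manifest": manifest,
            "sig": sign(vendor_key, _enc(manifest)), "files": dict(files)}

def install_check(platform_n, pkg):
    """Installer side: every link must hold before anything is installed."""
    cert = pkg["cert"]
    if not verify(platform_n, _enc(cert), pkg["auth"]):
        return False, "authorization does not match certificate"
    if not verify(cert["tbs"]["n"], _enc(pkg["manifest"]), pkg["sig"]):
        return False, "manifest not signed by certified vendor key"
    if set(pkg["files"]) != set(pkg["manifest"]):
        return False, "file list differs from manifest"
    for name, data in pkg["files"].items():
        if hashlib.sha256(data).hexdigest() != pkg["manifest"][name]:
            return False, "modified file: " + name
    return True, "ok"

# Constructed toy keys (not real AXP, CA or vendor material).
CA = make_key(89, 2203)
PLATFORM = make_key(521, 607)
VENDOR = make_key(127, 1279)
OTHER = make_key(107, 3217)  # a key pair that was never authorized

def demo():
    cert = ca_issue(CA, "Example Vendor", VENDOR["n"])
    auth = platform_authorize(PLATFORM, CA["n"], cert)
    files = {"bin/app": b"\x7fELF constructed", "bin/postinstall.sh": b"#!/bin/sh\n"}
    good = build_package(VENDOR, cert, auth, files)
    cases = {"good": good}
    # A file changed after signing.
    cases["modified"] = dict(good, files={**files, "bin/app": b"\x7fELF changed"})
    # A different certificate presented with someone else's authorization.
    other_cert = {"tbs": {"subject": "Other", "n": OTHER["n"]}, "ca_sig": 0}
    cases["reused_auth"] = build_package(OTHER, other_cert, auth, files)
    # The authorized certificate, but the manifest is signed with another key.
    cases["wrong_key"] = build_package(OTHER, cert, auth, files)
    results = {name: install_check(PLATFORM["n"], pkg) for name, pkg in cases.items()}
    try:  # The authorizing party also refuses a certificate the CA never signed.
        platform_authorize(PLATFORM, CA["n"], other_cert)
        results["self_signed_request"] = (True, "authorized")
    except ValueError as exc:
        results["self_signed_request"] = (False, str(exc))
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The authorization binds to the exact certificate bytes, so it cannot be moved to another key pair, and the manifest signature binds the file hashes to the certified key.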

Install, Uninstall, Upgrade—Commands
Installing packages from FTP directory
  software install add url <url> (for anonymous ftp directory)
  software install add url <url> username <user> password <pass>

Uninstalling packages
  software uninstall

Upgrading packages
  Third-party upgrade applications must meet the following criteria
    UUID must match application being upgraded
    Name must match application being upgraded
    Version must be different than the application being upgraded
  Commands
    software install upgrade url <url> (for anonymous ftp directory)
    software install upgrade url <url> username <user> password <pass>

Software changes will cause service module to reboot

API


API Overview
Languages supported
  Most of the APIs support: C/C++, Java, Python, and Perl

Cisco IOS Service API (CLI)
  Query and configuration capabilities into Cisco IOS router configuration

CLI Service API (CLI)
  Query and configuration capabilities into AXP service module configuration

AXP Triggering API
  Leverages Embedded Event Manager (EEM)
  Send notifications to the application based on events; allows the application to react to network conditions, changes to Cisco IOS configuration and other Cisco IOS events

Network packet monitoring
  Mechanisms to send packets to third-party application for analysis or processing
  Promiscuous mode

Serial device control
  Access to serial port on Cisco IOS router where blade is deployed

Other add-on packages
  Discuss functionality

Cisco IOS Service API
Application must depend upon package
  axp-iosapi.<platform>.<version>.pkg

NETCONF over BEEP must be configured
Can run user or privileged mode commands, e.g., 'show …' to receive router configuration data and 'config t …' to configure the router

[Diagram: Application sends Config_command(s) and Exec_command(s) through the Cisco IOS Service API to the Cisco IOS CLI (Cisco IOS Services) and receives Return_value(s)]

CLI Service API
No application dependency required since functionality is built in
Can run user or privileged mode commands, e.g., 'show …', 'config t …' on router

[Diagram labels: Application; Cisco IOS Service API; AXP CLI; Config_command(s), Exec_command(s); Return_value(s)]

AXP Triggering API
Application must depend upon package
  axp-eemapi.<platform>.<version>.pkg

Leverages the Embedded Event Manager (EEM) for event detection and tracking
Applications register and listen to the events through EEM APIs
Embedded Cisco IOS events trigger a message via TCP to the AXP EEM daemon (e.g., config change, interface state change)

[Diagram: Cisco IOS Router (Event Detector, EEM, TCL Script) connected over TCP to the AXP Service Module (EEM Daemon, IPC, API Manager, Call Back, Application)]

AXP Triggering API (Cont.)
Embedded Event Manager (EEM)
  Cisco IOS notifications to applications on AXP
  Wide range of events can be notified to the applications

EEM supports the following Cisco IOS images
  IP-Voice
  Adv-Security
  Adv-Enterprise

At event occurrence
  TCL script is triggered by EEM
  Event will be delivered to EEM event daemon on AXP host side
  Event is then dispatched to registered application

Event Types Supported
Event Mapping

Event                           Corresponding TCL Event Type
aapl                            event_register_appl
cli                             event_register_cli
counter                         event_register_counter
interface                       event_register_interface
ioswdsysmon                     event_register_ioswdsysmon
none                            event_register_none
oir                             event_register_oir
snmp                            event_register_snmp
syslog                          event_register_syslog
timer                           event_register_timer
timer_subscriber                event_register_timer_subscriber
ios_config (Cisco IOS Event)    [No Value]

Promiscuous Packet Monitoring—API
No package dependency is required
Configure the ISR to copy packets to the service module; this configuration can be done via the Router IP Traffic Export (RITE) or Interface Monitoring features available via Cisco IOS
RITE provides more granular control because it supports Access Control Lists (ACL), but will not copy router-generated packets
The AXP kernel is configured with the following directly accessible features:
  Raw socket interface (CONFIG_RAW)
  Raw socket memory mapped mode (CONFIG_RAW_MMAP)
  Socket filtering
The raw socket interface is compatible with the higher-level abstraction of libpcap and MMAP packet access

Remote Serial Device API
Application must depend upon package
  axp-vserial.<platform>.<version>.pkg

Local AXP host TTY device interacts with the external Cisco IOS serial device
Serial device must be RFC 2217 compliant
  Device: e.g., /dev/modem, /dev/gps
Serial port settings (e.g., baud rate) configured through Cisco IOS

[Diagram: AXP Blade Application (/dev/ttyx), Tunnel, Cisco IOS Router Async/Aux Port, External Serial Device]

Other Add-On Packages
Open Services Gateway Initiative (OSGi)
  axp-prosyst-mbs6.<platform>.<version>.pkg
  Allows Java applications to be remotely started, stopped, installed, updated, and uninstalled

Tomcat
  axp-tomcat5.<platform>.<version>.pkg
  Package to embed Apache Tomcat

SSH
  axp-ssh-4.6p1-k9.<platform>.<version>.pkg
  Enables SSH tunneling to the application

Perl
  axp-perl-5.8.8.<platform>.<version>.pkg
  Provides Perl language support

CLI Plug-In


CLI Plug-In
Allows hosted applications to add commands to the CLI
Application must depend upon package
  axp-cli-plugin.<platform>.<version>.pkg

Components
  CLI plug-in XML definition file
    Defines the commands specified by the user to execute the action script
  Action
    Executable file that runs when the CLI command is issued
  Application
    Must include a call to startCLIDistributionVMThread
    Starts CLI plug-in listener
    Must not terminate

CLI Plug-In Work Flow
[Diagram: Service Module containing the CLI Command Console, the AXP CLI Server, the XML (Commands, Action Class), the Application (Listener) and the Action Class, with arrows numbered as below]

1. Register
2. Start up
3. Command entered
4. Send to Listener
5. Receive/Respond
6. Pass to CLI Server
7. Pass to CLI Console

CLI Plug-In (Cont.)
Sample XML Definition File
Java Sample for Class

CLI Plug-In Application—Java Example
import com.cisco.aesop.apphosting.cli_distribution.CLIDistributionVM;
import java.io.*;

public class MyAppMgr {
    // Report application health to the AXP host through the status notifier.
    public void sendStatus(String name, String status, PrintWriter pw) {
        try {
            Runtime rt = Runtime.getRuntime();
            // Argument array: name and status are each passed as one argument.
            rt.exec(new String[] {"/bin/app_status_notifier", name, status});
        } catch (Exception e) {
            pw.println("Send of status failed. Exception " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        MyAppMgr mgr = new MyAppMgr();
        PrintWriter pw = new PrintWriter(System.out, true);
        try {
            mgr.sendStatus("showtime", "INITIALIZING", pw);
            // showtime is the name of our package.
            CLIDistributionVM.startCLIDistributionVMThread("showtime");
            Object obj = new Object();
            synchronized (obj) {
                mgr.sendStatus("showtime", "ALIVE", pw);
                pw.flush();
                // Block here: the application must not terminate while the listener runs.
                obj.wait();
            }
        } catch (Exception e) {
            pw.println("Exception " + e.getMessage());
        } finally {
            mgr.sendStatus("showtime", "DOWN", pw);
        }
    }
}

CLI Plug-In Application—Results
Booting: [########################################################>] 100%
SYSTEM ONLINE
se-10-1-1-20> app-service showtime
se-10-1-1-20(exec-appservice-showtime)> show time
Mon, 17 Mar 2008 16:38:35
se-10-1-1-20(exec-appservice-showtime)>

Debugging


Application Health Status
Application   State (VI)   Health (App)              Meaning
App_A         Online       —                         VI Running; App Health Unknown
App_B         Online       Alive/Down/Initializing   VI Running; App Health Known
App_C         Offline      —                         VI Is Down; App Is Down

AXP provides an API call for an application to report its health.
Note: AXP will not actively monitor application health values. The application has to report its health to the AXP host.

Commands for Debugging
Viewing state and analyzing the logs
  show app-service state
  show process
  show log name messages.log containing <application name> paged
  show log name messages.prev.log containing <application name> paged
  show errors

Analyze trace buffer
  show trace buffer

Check interface, in case of network-related issues
  show interfaces <interface>

Failure Detection


Watchdog Scripts
Scripts should be put in /opt/app_status_monitor/watchdogs/
Scripts should have execution permission
All scripts in directory will be executed
Names can use the following pattern if order is important: W**<name>.sh (e.g., W01myapp.sh)
A returned status code of zero indicates the application is healthy and alive
Any script with a non-zero return status will be logged
A threshold can be set to determine when a virtual instance is rebooted

Watchdog Scripts—Shell Script Example
#!/bin/bash
# Watchdog: exit 0 only if the PID recorded in the PID file is a running $APP process.
APP=test.sh
APPNAME_NO_EXT=test
PID_FILE=/var/run/${APPNAME_NO_EXT}.pid
# No PID file: report the application as not healthy.
if [ ! -e "$PID_FILE" ]; then
    exit 1
fi
PID_FROM_FILE=`cat "${PID_FILE}"`
# Check every process whose command line mentions $APP, skipping grep itself.
for x in `ps -ef | grep "$APP" | grep -v grep | awk '{print $2}'`
do
    if [ "$x" == "${PID_FROM_FILE}" ]; then
        exit 0
    fi
done
# No running $APP process matches the recorded PID.
exit 1

Q and A

Send Questions to: axp-questions@cisco.com


Supplement


Functionality—Runtime—Startup
AXP platform runs on a Cisco version of the Linux Standard Base (LSB) and supports kernel 2.6.14
Cisco Linux OS and services will complete startup prior to any virtual instances starting
  Verify application integrity
After virtual instance is started, control is handed to individual init programs in guest OS (/etc/rc.d/init.d)
Third-party applications are started by guest OS startup scripts
This controlled sequence ensures corrupt applications do not affect other applications

Router Cisco IOS Version Requirements
All Cisco IOS images must be crypto, and version 12.4(15)T3 or higher
Cisco IOS image supported types
  IP-Base
  IP-Voice
  Adv-Security
  Adv-Enterprise

For the Embedded Event Manager API, IP-Base is not supported because EEM is not available in this image

Configuring AXP Blade Interface on the ISR—Method 1
IP unnumbered configuration
interface GigabitEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 duplex auto
 speed auto
 no mop enabled
!
interface Integrated-Service-Engine1/0
 ip unnumbered GigabitEthernet0/0
 service-module ip address 10.1.1.20 255.255.255.0
 service-module ip default-gateway 10.1.1.2
 no keepalive
!
ip route 10.1.1.20 255.255.255.255 Integrated-Service-Engine1/0

Configuring AXP Blade Interface on the ISR—Method 2
IP numbered configuration
interface GigabitEthernet0/0
 ip address 10.1.1.3 255.255.255.0
 duplex auto
 speed auto
 no mop enabled
!
interface Integrated-Service-Engine1/0
 ip address 10.1.2.6 255.255.255.0
 service-module ip address 10.1.2.7 255.255.255.0
 service-module ip default-gateway 10.1.2.6
 no keepalive

Packaging and Bundling Applications
Overview
The following pieces of information must be supplied at the time an application is to be packaged
Project directory Third-party development certificate location Cisco development authorization file location Third party private key location Application name Application version Application description (optional) Application UUID (recommended) Application files location Package dependencies Disk limit (MB) Memory limit (MB) CPU limit (in CPU index points) Postinstall script (optional)

Example CLI Commands
Packaging and Bundling
Package building tool
pkg_build --project-dir '/xyz-source' \
  --dev-cert '/xyz_source/x509.sig' \
  --dev-auth '/xyz_source/dev_auth.sig' \
  --private-key '/xyz_source/privkey.sig' \
  --name 'xyz' --version '1.0' --description 'XYZ Utility' \
  --source-dir '/xyz_source/root_fs' \
  --uuid 'f93f3d5f-84e7-435e-919f-74f59c66ba77' \
  --deps 'cc1b5b06-6b17-42c9-b9dd-88c29674b390,all' \
  --disk-limit '1500M' --memory-limit '256M' --cpu-limit '1000'

Package bundling tool
pkg-bundle --project-dir '/xyz-source' \
  --private-key '/xyz_source/privkey.txt' \
  --output 'dist-bndle-xyz' \
  'axp-app-dev.nme.1.0.1.pkg' 'xyz-1.0.pkg'

Try to store your packaging CLI in an executable script so that you don’t have to build packages in interactive mode; this will speed up the development process
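
The tip above, as an added example (not Cisco's own script): a non-interactive wrapper that checks the signing inputs before it calls pkg_build, so a malformed UUID or a private key readable by other users stops the build. Option names and sample values follow the slide; the variable names, the checks and the `build` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: non-interactive wrapper for the pkg_build call on the slide.
# Option names and sample values are the slide's; the pre-flight checks and
# variable names are assumptions of this example.
SRC=${SRC:-/xyz_source}
DEV_CERT=${DEV_CERT:-$SRC/x509.sig}
DEV_AUTH=${DEV_AUTH:-$SRC/dev_auth.sig}
PRIVATE_KEY=${PRIVATE_KEY:-$SRC/privkey.sig}
ROOT_FS=${ROOT_FS:-$SRC/root_fs}
APP_UUID=${APP_UUID:-f93f3d5f-84e7-435e-919f-74f59c66ba77}

# Succeeds only for the canonical 8-4-4-4-12 hexadecimal UUID layout.
valid_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Succeeds if $1 is a regular file (not a symlink) with no group/other access.
key_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Reports every problem found and returns non-zero if there was one.
preflight() {
    rc=0
    valid_uuid "$APP_UUID" || { echo "malformed UUID: $APP_UUID" >&2; rc=1; }
    for f in "$DEV_CERT" "$DEV_AUTH"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; rc=1; }
    done
    key_is_private "$PRIVATE_KEY" ||
        { echo "key missing or open to group/others: $PRIVATE_KEY" >&2; rc=1; }
    [ -d "$ROOT_FS" ] || { echo "no application files at: $ROOT_FS" >&2; rc=1; }
    return "$rc"
}

# Runs the slide's pkg_build invocation only after the checks pass.
build() {
    preflight || return 1
    pkg_build --project-dir '/xyz-source' \
        --dev-cert "$DEV_CERT" --dev-auth "$DEV_AUTH" \
        --private-key "$PRIVATE_KEY" \
        --name 'xyz' --version '1.0' --description 'XYZ Utility' \
        --source-dir "$ROOT_FS" --uuid "$APP_UUID" \
        --deps 'cc1b5b06-6b17-42c9-b9dd-88c29674b390,all' \
        --disk-limit '1500M' --memory-limit '256M' --cpu-limit '1000'
}

# Package only when invoked with "build"; sourcing the file just defines the checks.
if [ "${1:-}" = "build" ]; then build; fi
```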

Packaging—Suggested Deployment Details
/usr/local/<app>
/usr/local/<app>/lib + LD_LIBRARY_PATH
/usr/local/<app>/bin/postinstall.sh
  #!/bin/sh
  ln -s /bin/login.sh /bin/console

/usr/local/<app>/bin/login.sh
  #!/bin/sh
  /bin/bash -login

chmod a+x postinstall.sh; chmod a+x login.sh
Relative symbolic links, not absolute
Use the pkg_check.sh utility to identify library file dependencies; the library dependency checker tool looks for dependencies of packaged binary files in the default /lib directory and lists any binary files with unsatisfied dependencies, together with the corresponding missing libraries
Pay attention to resource parameters to make sure that your hosting environment has appropriate resources available; on the service module, type ‘show resource limits’

Cisco IOS Service API— Java Application Example
import com.cisco.aesop.apphosting.iosapi.*;
import java.io.*;

public class IOSTest {
    public static void main(String[] args) {
        final String cmd = "int gig0/0;description brett added this one";
        try {
            IosServiceAPI iosapi = IosapiFactory.getIosApi("commonservice");
            IosapiMessage msg = new IosapiMessage();
            msg.setRequest(cmd);
            // Send the request to the router as configuration
            int status = iosapi.config(msg);
            if (IosServiceAPI.FAIL == status) {
                System.out.println("Ios Api Call failure of command '" + cmd
                        + "' Message: " + msg.getResponse());
            } else {
                System.out.println("Status:'" + status + "' Command '" + cmd
                        + "'response:" + msg.getResponse());
            }
        } catch (Exception e) {
            System.out.println(e.getMessage());
        } finally {
            System.out.println("App done");
        }
    }
}

CLI Service API— Java Application Example
import com.cisco.aesop.apphosting.iosapi.*;
import java.io.*;

public class AppreCall {
    public static void main(String[] args) {
        final String cmd = "show run";
        try {
            int status;
            CommonServiceImpl apiCall = new CommonServiceImpl();
            AppreMessage msg = new AppreMessage();
            msg.setRequest(cmd);
            // Run the command in exec mode and collect its output in msg
            status = apiCall.exec(msg);
            if (AppreAPI.FAIL == status) {
                System.out.println("CLI Service Api failure of command '" + cmd
                        + "' Message: " + msg.getResponse());
            } else {
                System.out.println("Status:'" + status + "' Command '" + cmd
                        + "'response:" + msg.getResponse());
            }
        } catch (Exception e) {
            System.out.println(e.getMessage());
        } finally {
            System.out.println("App done");
        }
    }
}

EEM—Defining Your Event to Be Tracked
File name eem_config.xml must be placed into build source directory /usr/eemapi
Example event
<Events>
  <event name="myiosevent" type="ios_config" />
</Events>

If you track ios_config type events you must configure NETCONF over BEEP protocols in your router and service module
Tracking other event types requires that the router and service module be configured with the same username and password
  Router: username <name> privilege 15 password <passwd>
  Service module: username ios <name> password <passwd>

EEM—Java Application Example
import com.cisco.aesop.apphosting.eemapi.*;

class MyEventHandler extends EventHandler {
    MyEventHandler() {
        super(null);
    }

    // Invoked for each tracked event that is delivered
    public void callback(String eventName, String eventType, String eventInfo) {
        System.out.println("callback received event " + eventName
                + " of type " + eventType + " info " + eventInfo);
    }

    public static void main(String args[]) {
        final String EVENT = "ios_config";
        EventManager em = null;
        try {
            Object obj = new Object();
            MyEventHandler eh = new MyEventHandler();
            em = EventManager.getInstance();
            if (em.Register(eh, EVENT) == 1) {
                // Block the main thread so callbacks keep arriving
                synchronized (obj) {
                    obj.wait();
                }
            } else {
                System.out.println("Failed to register events " + EVENT);
            }
        } catch (Exception e) {
            System.out.println("Caught exception " + e.getMessage());
        } finally {
            if (em != null) {
                em.Deregister();
            }
        }
    }
}

NPM—C Application Example
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <linux/if_arp.h>

int main (int argc, char* argv[]){
    int result = 0;
    /* Raw packet socket that receives frames of every protocol */
    int s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if(s != -1){
        struct sockaddr_ll socket_address;
        /* Zero the fields that are not set explicitly below */
        memset(&socket_address, 0, sizeof(socket_address));
        socket_address.sll_family = AF_PACKET;
        socket_address.sll_protocol = htons(ETH_P_ALL);
        bind(s, (struct sockaddr*) &socket_address, sizeof(socket_address));
        char* buffer = (char*)malloc(ETH_FRAME_LEN+1);
        int length;
        /* Stop if the buffer could not be allocated */
        while(buffer != NULL){
            length = recvfrom(s, buffer, ETH_FRAME_LEN, 0, NULL, NULL);
            if(length > 0){
                buffer[length] = '\0';
                printf("data length %d\n", length);
            }
            else if (length == -1){
                printf("Socket listener error %d\n", errno);
                result = length;
                break;
            }
        }
        free(buffer);
        close(s);
    }
    else{
        printf("Socket creation error %d\n", errno);
        result = s;
    }
    return result;
}

Remote Serial Device— C Application Example
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>

int main(int argc, char* argv[]){
    char *dev;
    int fd;
    printf("starting program\n");
    /* Device path from the command line, otherwise the bound modem device */
    if(argc > 1) {
        dev = strdup(argv[1]);
    }
    else{
        dev = strdup("/dev/modem");
    }
    fd = open (dev, O_RDWR | O_NONBLOCK | O_NOCTTY | O_NDELAY);
    printf("file descriptor is %d.\nExiting program\n", fd);
    free(dev);
    return 0;
}


Remote Serial Device— Router Configuration
sasl profile SASL_PROFILE
 mechanism anonymous
interface Serial0/0/0
 physical-layer async
 no ip address
 encapsulation slip
line 0/0/0
 no exec
 transport input telnet
 speed 115200
netconf max-sessions 16
netconf beep listener 2000 sasl SASL_PROFILE


Remote Serial Device— Service Module Configuration
netconf beep initiator 10.1.2.6 2000
netconf max-sessions 16
app-service remoteSerialDevTest
 bind interface eth0
 hostname se-10-1-2-7
 bind serial vtty000 modem

Note: The device vtty000 is the device name provided by the command ‘show device serial’