BRKSDN-2666 (2018)

BRKSDN-2666
IOS XE Architecture and

Programmability
Jeff McLaughlin, Principal TME

Cisco Spark
Questions?
Use Cisco Spark to communicate
with the speaker after the session
How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#BRKSDN-2666
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Introduction
• Why Programmability?
• IOS XE Evolution
• Database Architecture
• Data Models
• Application Hosting
• Conclusion
Computing in the 1990s...
BRKSDN-2666 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Configuring a BGP neighbor then...
router# config t
router(config)# router bgp 100
router(config-bgp)# neighbor 1.1.1.1 remote-as 100
Configuring a BGP neighbor now...
router# config t
router(config)# router bgp 100
router(config-bgp)# neighbor 1.1.1.1 remote-as 100
Has anything really changed?
OS 6.0 released IOS XE 3.x Polaris
"Top Gun" released BinOS IOS XE 16.x
1986 2007 2015
1984 1993 2010

IOS 9.x IOS XE 3.x
Cisco founded
Windows 3.1 NOVA
Prince Harry born
Why programmability?
Why automation and programmability?
hostname switch1
int g0/0
ip address 10.1.1.11/24
vlan 100,200,300
.
Needs to configure
Administrator
.
.
hostname switch6
int g0/0
ip address 10.1.1.16/24
vlan 100,200,300
Notepad is the most common automation tool. It’s just a very bad automation tool.
...
Programmability Reason #1 Do repetitive and tedious tasks more easily
52037606 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
if error counters too high:

then shutdown interface*
* pseudo-code
Programmability Reason #2 Programmatic Control of network devices
party apps
Cisco ISE
NETCONF REST API
Catalyst switches
DNA Center
Programmability Reason #3 Interaction between network devices and other systems
Transactionality
int g0/0
ip address 10.1.1.0/24
no shutdown
router bgp 65001
router-id 172.17.1.99
bgp log-neighbor-changes
neighbor 192.168.1.2 remote-as 40000
neighbor 192.168.3.2 remote-as 50000
address-family ipv4 unicast
neighbor 192.168.1.2 activate
network 172.17.1.0 mask 255.255.255.0
exit-address-family
Programmability Reason #4 Stop bad configuration being committed to devices
Operational Simplification
How to find the red

user's switch/port?
# ping 172.16.100.101
# show arp | i 172.16.100.101
# show mac address-table address 001a.a24d.5141
# show cdp neighbor g0/1 detail
How to find the red

user's switch/port?
# show cdp neighbor g0/10 detail
How to find the red

user's switch/port?
How to find the red

user's switch/port?

Vlan Mac Address Type Ports
---- ----------- -------- -----
244 001a.a24d.5141 DYNAMIC Gi0/15
Programmability Reason #5 Automate complex troubleshooting tasks
IOS XE Evolution
Classic IOS Challenges
Monolithic
Process not independent of one another
Unified control/data plane

No clean separation between path calc. and forwarding
Common Memory
Config/oper data centralized, not easily shared
Classic vs. IOS XE Architecture
Classic IOS IOS XE 16.x
Hosted Apps
IOSd
Feature Components IOSd IOSd
IOS Sub- LXC LXC VM
Systems
Common Infra Common Infra
Module Drivers Module Drivers IOS XE

DB
Kernel Kernel
IOS XE: Linux-based OS
Standard operating system
Easier development process
Hosting of other applications
IOS XE: Capability for restartable Processes
Independent processes instead of monolithic
Config/State stored external to process
Some development still in progress
IOS XE: Database Architecture
Separation of config/oper data from processes
Clearly structured data
Easy export of structured data

<<enumeration>>
crimson_linestate
enumeration literals
LINE_UP
LINE_DOWN
LINE_ADMIN_DOWN
Structured Data
Structured vs Unstructured Data
Un-structured
Structured
John Smith 42 14155551212 Name: John Smith

Age: 42
Phone: +1-415-555-1212
What is this?
• His age? Keys Values

• The year he graduated college?
• Meaning of life, the universe & everything?
Hierarchical Structured Data (XML-like)
<user1>
First User
{ <name>John Smith</name>
<age>42</age>
<phone>+1-415-555-1212</phone>
</user1>
<user2>
Second User
{ <name>Sarah Kim</name>
<age>27</age>
<phone>+1-718-555-1212</phone>
</user2>
Ancient unstructured data
COULDYOUREADITIFWEWROTELIKETHIS
WITHNOPUNCTUATIONITISHARDTOFIGUR
EOUTWHEREONEWORDORSENTENCEBE
GINSORENDSANDITISNOTEASYTOSEPAR
ATEOUTALLTHEELEMENTSOFTHETEXTTH
ANKGOODNESSSOMEONECAMEUPWITHA
BETTERWAY
Note inconsistent “key” format!
switch1# sh int e1/10
Ethernet1/10 is up
Hardware: 1000/10000 Ethernet, address: 0005.73d0.9331 (bia 0005.73d0.9331)
Description: To UCS-11
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Switchport monitor is off
EtherType is 0x8100
Last link flapped 8week(s) 2day(s)
Last clearing of "show interface" counters 1d02h
30 seconds input rate 944 bits/sec, 118 bytes/sec, 0 packets/sec
30 seconds output rate 3110376 bits/sec, 388797 bytes/sec, 5221 packets/sec
CLI = Unstructured Data
Configuration vs. Operational data
Configuration data tells the device what to do. It is Operational data tells us how a device is operating,
data that you see in a “show run”. from show commands other than “show run”.
# sh run int g0/0 # sh int g0/0

GigabitEthernet0/0 is up, line protocol up
interface GigabitEthernet0/0 Hardware is RP management port
description Management Interface Description: Management Interface
vrf forwarding Mgmt-vrf
ip address 172.26.244.49 255.255.255.0
We can write configuration data (think “conf t”), Operational data is read-only.
and we can read configuration data (think “show
run”).
Some data can be read either as config data or

operational data!
Database Architecture
What data does IOS XE need to store?
BGP
Configuration Data
IP Address: 172.26.244.110
Remote ASN: 65010
Description: Lab Internal BGP peer
MD5 password: cisco123
What data does IOS XE need to store?
BGP
Operational Data
State: ACTIVE
Peer uptime: 2d10h32m
Messages Sent/Received: 14533/15830
Routes Sent/Received: 252/174
<internal operational data>
BGP Code
IOS Memory
/* BGP neighbor structure. */ Interfaces AAA
typedef struct peer
{
STP EEM SSH
char *desc; /* Description of the peer. */
unsigned short port; /* Destination port for peer */
char *host; /* Printable address of the peer.*/ BGP Unused IPSec
time_t uptime; /* Last Up/Down time */
time_t readtime; /* Last read time */ STP QoS ACLs
time_t resettime; /* Last reset time */
...etc... SLA OSPF WCCP
}
Note: Memory for a process is probably not going to be contiguous! Simplified for slide.
Database Architecture Goals
Database
BGP Code BGP State BGP Code
Decouple state from the code that is managing it.
Database
BGP Code
Process Restartability while retaining process data
Database
BGP Code
Database
BGP Code
Database
OSPF Code
BGP Code
Standardized Read/Write from multiple processes
DB
TDL -> NETCONF/RESTCONF

YANG
Standardized data structure for easy export

YANG Data Models
Open Programmable APIs
Simplified View
NETCONF
RESTCONF
gNMI/gRPC
gNMI
NETCONF RESTCONF
gRPC
Protocols
CLI
Parser
Data Model YANG Models
Device Features
Device
Interface BGP QoS ACL … Features
XML vs JSON
{
<interfaces xmlns:=“[…]yang:ietf-interfaces”> "ietf-interfaces:interfaces": {
<interface> "interface": [
{
<name>eth0</name> "name": "eth0”,
<type>ethernetCsmacd</type> "type": "ethernetCsmacd”,
<location>0</location> "location": "0”,
<enabled>true</enabled> "enabled": true,
<if-index>2</if-index> "if-index": 2
}
</interface> ]
</interfaces> }
}
NETCONF NETCONF/RESTCONF
Error!
<interface>Gigabit 1/0</interface>
<ifaddr>10.0.0.1/24</ifaddr>
Sends
Expecting
Expecting:
<interface>
<name>Gigabit 1/0</name>
<address>10.0.0.1/24</address>
</interface>
So why do we need YANG?
<interface>Ethernet 0/0</interface>
<name>Switch1 to UCS1</name>
<ipaddr>1.1.1.1/24</ipaddr>
<name>Ethernet 0/0</name> Question: Which of these is correct?

<descr>Switch1 to UCS1</descr>
Answer: They all are!
<ip>1.1.1.1/24</ip>
<ifname>Ethernet 0/0</ifname>
<ifalias>Switch1 to UCS1</ifalias>
<ifaddr>1.1.1.1/24</ifaddr>
YANG Data Models
container ip {
list vrf { vrf red
rd 1:1 <vrf>red</vrf>
leaf rd
<rd>1:1</rd>
}
}
YANG Data XML

Model Data
YANG models do not contain data or XML.

YANG models are like templates used to generate consistent XML.
YANG Data Models
<vrf>red</vrf>
<rd>1:1</rd>
container ip {
list vrf { vrf red
leaf rd rd 1:1 XML
}
}
{“vrf”: “red”
YANG Data “rd”: “1:1”}
Model
JSON
YANG models can be used as a template for generating structured

data in many different formats.
YANG Configuration Model Example*
container ip { YANG <ip> XML
list vrf { <vrf>
description <name>vrf_red</name>
"Configure an IP VPN Routing/Forwarding <rd>65000:1</rd>
instance"; </vrf>
<vrf>
leaf name { <name>vrf_green</name>
type string; <rd>65000:2</rd>
} </vrf>
</ip>
leaf rd {
description ip vrf vrf_red CLI
"Specify Route Distinguisher"; rd 65001:1
type rd-type; !
} ip vrf vrf_green
} rd 65001:2
} !
* Note: YANG model simplified for clarity BRKSDN-2666 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
So why is this:
<ip>
<vrf> ...better than this?
<name>vrf_red</name> ip vrf vrf_red
<rd>65000:1</rd> rd 65001:1
</vrf> !
<vrf> ip vrf vrf_green
<name>vrf_green</name> rd 65001:2
<rd>65000:2</rd> !
</vrf>
</ip>
CLI
ip vrf vrf_red
rd 65001:1
!
ip vrf vrf_green
rd 65001:2
!
• Good for human consumption

• Unstructured from a machine perspective
YANG-structured data
<ip>
<vrf>
<name>vrf_red</name>
<rd>65000:1</rd>
</vrf>
<vrf>
<name>vrf_green</name>
<rd>65000:2</rd>
</vrf>
</ip>
• Designed for machine consumption

• Directly convertible to/from Python dicts!
Where are YANG models?
Models installed on device automatically with IOS-XE.

On some devices/versions, can be updated independently
Models installed on device automatically with IOS-XE.

On some devices/versions, can be updated independently
https://github.com/YangModels/yang/tree/master/vendor/cisco
Also can be downloaded from GitHub.
Who defines the YANG models?
Vendors Standards Bodies
• Only work on specific vendor devices • Multi-vendor support

• Greater feature coverage • More limited feature coverage
• Can be OS-unique (IOS-XE, XR, etc.) • Allow vendor-specific extensions
Sometimes called "native"
Important Point!
Cisco’s data models and IETF/OpenConfig data models are just two ways of doing the same thing.
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> IETF-defined model

<interface>
<name>GigabitEthernet 1/0/24</name>
<description>Configured by NETCONF!</description>
</interface>
</interfaces>
Both of these do exactly the same thing!
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native"> Cisco-defined “native” model

<interface>
<GigabitEthernet>
<name>1/0/24</name>
</GigabitEthernet>
</interface>
</native>
Important Point!
Cisco’s data models and IETF/OpenConfig data models are just two ways of doing the same thing.
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> IETF-defined model

<interface>
<name>GigabitEthernet 1/0/24</name>
</interface>
</interfaces>
switch# show run interface g1/0/24
interface GigabitEthernet
Both of these do exactly the 1/0/24
same thing!
description Configured by NETCONF!
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native"> Cisco-defined “native” model
<interface>
<GigabitEthernet>
<name>1/0/24</name>
</GigabitEthernet>
</interface>
</native>
Finding and using YANG models
YangExplorer: A Cisco tool for exploring models
Available at:
https://github.com/CiscoDevNet/yang
-explorer
Or just Google: "cisco yangexplorer"
Models on device
Models on device
Models subscribed on YangExplorer
Finding a model, method 1
Either scroll through the

model list or search for a
specific model.
Click “RPC”.
The XML is displayed.

specific model.
Click “RPC”.

specific model.
Click “RPC”.
Model-Driven Telemetry
Real World Telemetry
Where Data Is Created Where Data Is Useful
SNMP
syslog
Applications
CLI
• Interface up/down Network
• Instantaneous config NMS Controller Element
• Instantaneous topology
• Flow fingerprints
• Routes
SNMP Polling
SNMP Get
SNMP Response
...wait 5 mins...
SNMP Get
SNMP Response
...wait 5 mins...
SNMP Get
SNMP Response
NETCONF-based Telemetry (Periodic)
NETCONF Session
YANG Push
...wait 5 secs...
...wait 5 secs...
Periodic subscription
t t t t t t t
Counters / Measures
NETCONF-based Telemetry (On-Change)
NETCONF Session
Model Subscription
(Event)
On Change Push
On-change subscription
t t t t t t t
State / Configuration / Identifiers

Telemetry Demo
Application Hosting
IOx
IOx Orchestration
LXC LXC VM
Multiple apps
App 1 App 2 App 3
External Management Tools
IOx Client Fog Director
On-Box Management Tools
REST
REST
CLI Local Manager
REST
Cisco Application Framework (CAF)/IOx
LXC VM
Linux Process Linux Process
Kernel
Host OS (IOS XE Kernel)
More t o Enhancing Fabric
come functionality through
Hosted Apps
On-Box Python
On-box Python Scripting
CLI
NETCONF
Syslog
Guestshell
Container
Advantages
On-Box
• Access CLI directly on device
• Trigger syslog messages
• Interact with Embedded Event Manager
• Access device bootflash
• Power-On Auto-Provisioning (ZTP)
• Use interactive Python shell
Enabling on-box Python
jemclaug-hh15-c3850-2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
IOX is the container manager,
jemclaug-hh15-c3850-(config)#iox
similar to Docker.
jemclaug-hh15-c3850-(config)#^Z
jemclaug-hh15-c3850-2#guestshell ?
destroy Disable and uninstall the guest shell service package
disable Disable the guest shell service package
enable Enable the guest shell service
run Execute/run program in the guest shell
<cr>
jemclaug-hh15-c3850-2#guestshell enable
The process for the command is not responding or is otherwise Wait for IOX to enable
unavailable
jemclaug-hh15-c3850-2#guestshell enable
Guestshell enabled successfully with tracefile support Success! Python read for use.
On-box CLI APIs
jemclaug-hh15-c3850-2#guestshell run python

>>> from cli import cli
>>> cli('sh iox') cli
'\nIOx Infrastructure Summary:\n------------ Run cli command and return
---------------\nIOx service (CAF) : the raw output of the
Running \nIOx service (HA) : Running command
\nIOx service (IOxman) : Running \nLibvirtd
: Running \n'
On-box CLI APIs
>>> from cli import clip

>>> clip('sh iox')
IOx Infrastructure Summary:

--------------------------- clip
IOx service (CAF) : Running Print the output of a CLI
IOx service (HA) : Running command. (Formatted)
IOx service (IOxman) : Running
Libvirtd : Running
>>>
Catalyst 3850
EEM
Catalyst 3850
1 User changes device config
EEM
Catalyst 3850
EEM
2 Change detected by EEM
Catalyst 3850
EEM
3 EEM Triggers on-box Python script BRKSDN-2666 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
4 Python script diffs configs and sends diff to Spark
Catalyst 3850
EEM
3 Spark posts diff to room
Catalyst 3850
EEM
In Closing
Thanks to engineers who helped!
Pratap Albert Fan Marc

Pereira Mak Sun Faggion
Everything good came from them, any faults or errors are my own.
How do I learn Python?
Automate the Boring Stuff with Python, Al Sweigart

Great introduction to Python focused on automation. (Not specifically network
automation.) Covers Python 3.0 only. Assumes zero knowledge. Read Excel
docs, generate PDFs, etc. Highly recommended.
Real Python. http://realpython.com

Three-part course. Begins with basics assuming no knowledge. Covers Python 2.7
and 3.0. Parts II and III focus on web development with Python. Covers flask,
Django, jinja2 templates. Many resources on the web site for free.
Cisco DevNet
• Learning Labs
• Sandboxes
• API Documentation
• Python, YDK, REST
• And More!
http://developer.cisco.com
• Identify one problem you can solve with a script
• Start small
• Copy and modify scripts from DevNet
• (developer.cisco.com)
Cisco Spark
Questions?
Use Cisco Spark to communicate
with the speaker after the session
How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#BRKSDN-2666
• Please complete your Online Complete Your Online
Session Evaluations after each
session
Session Evaluation
• Complete 4 Session Evaluations
& the Overall Conference
Evaluation (available from
Thursday) to receive your Cisco
Live T-shirt
• All surveys can be completed via
the Cisco Live Mobile App or the
Communication Stations
Don’t forget: Cisco Live sessions will be available
for viewing on-demand after the event at
www.ciscolive.com/global/on-demand-library/.
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions
Thank you

BRKSDN-2666 (2018)

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BRKSDN-2666 (2018)

Uploaded by

Copyright:

Available Formats

BRKSDN-2666

IOS XE Architecture and

Jeff McLaughlin, Principal TME

1986 2007 2015

1984 1993 2010

Programmability Reason #1 Do repetitive and tedious tasks more easily

if error counters too high:

Programmability Reason #2 Programmatic Control of network devices

NETCONF REST API

Programmability Reason #3 Interaction between network devices and other systems

Programmability Reason #4 Stop bad configuration being committed to devices

How to find the red

How to find the red

How to find the red

How to find the red

# show mac address-table address 001a.a24d.5141

Programmability Reason #5 Automate complex troubleshooting tasks

Unified control/data plane

Common Infra Common Infra

Module Drivers Module Drivers IOS XE

Standard operating system

Easier development process

Hosting of other applications

Independent processes instead of monolithic

Config/State stored external to process

Some development still in progress

Separation of config/oper data from processes

Clearly structured data

Easy export of structured data

John Smith 42 14155551212 Name: John Smith

• His age? Keys Values

CLI = Unstructured Data

# sh run int g0/0 # sh int g0/0

Some data can be read either as config data or

<internal operational data>

BGP Code BGP State BGP Code

Decouple state from the code that is managing it.

Process Restartability while retaining process data

Process Restartability while retaining process data

Process Restartability while retaining process data

Standardized Read/Write from multiple processes

TDL -> NETCONF/RESTCONF

Standardized data structure for easy export

<name>Ethernet 0/0</name> Question: Which of these is correct?

YANG Data XML

YANG models do not contain data or XML.

YANG models can be used as a template for generating structured

• Good for human consumption

• Designed for machine consumption

Models installed on device automatically with IOS-XE.

Models installed on device automatically with IOS-XE.

Also can be downloaded from GitHub.

• Only work on specific vendor devices • Multi-vendor support

Sometimes called "native"

<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> IETF-defined model

Both of these do exactly the same thing!

<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native"> Cisco-defined “native” model

<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> IETF-defined model

Or just Google: "cisco yangexplorer"

Models subscribed on YangExplorer

Either scroll through the

The XML is displayed.

Either scroll through the

The XML is displayed.