Application Extension Platform (Axp) : Brkdev-1001

BRKDEV-1001
14592_05_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 1
Application eXtension
Platform (AXP)
BRKDEV-1001
BRKDEV-1001
© 2006, Cisco Systems, Inc. All rights reserved. 1

Presentation_ID.scr
Agenda
1. Introduce the ISR and 6. Packaging and Installing
Service Module
7. AXP API
2. Why AXP ?
8. CLI Plug-In
3. AXP Use Cases
9. Debugging
4. AXP Architecture
10. Failure Detection
5. Development Cycle
BRKDEV-1001
Traditional Business Solution:

Separate Applications and Appliances
Security Firewall, IDS and VPN Appliances
Application Optimization File Engine
Voice Services Hybrid/Key System
Data Branch Access Router
Local Connectivity LAN Switch
BRKDEV-1001

Presentation_ID.scr
Integrated Solution for
Advanced Services
Integrated Services
Router
Embedded Security
Voice Ready
Application Optimization
L2 Switching
Network Analysis
BRKDEV-1001
The Value of Integration

Overlay Appliances Integrated Services Router
3G Modem
Router
Switch
Wireless LAN
WAN/App Optimization
vs. Cisco ISR 3845
With Voice, Wireless, Video,
Security Appliance WAN Optimization, Switch
Voice Appliance
Over 70% OpEx Reduction
Total Cost
$80,000
of Ownership Competitive Overlay Appliances
$70,000 Revenue Loss
Employee Productivity
Indirect Costs
$60,000
Direct and
Unplanned Downtime Losses

$50,000
Planned Downtime Losses
$40,000 Maintenance Contracts
Facilities (Space,
$30,000 Power, Cooling)‫‏‬
Cisco Integrated Services Router Implementation Costs
$20,000
NMS Costs
$10,000
$0
BRKDEV-1001

Presentation_ID.scr
Integrated Services Routers Portfolio
Feature Breadth
Performance and Services Density
and Scale at
Highest
Performance
3800 Series
High Density and Performance for

Concurrent Services 2800 Series
Embedded, Advanced Voice, Video,

Data, and Security Services 1800 Series 800 Series
Embedded Wireless, Security, and Data
SP/Edge Small Office and

Branch Office Small Branch SMB Teleworker
Head Office
BRKDEV-1001
Router-Integrated Services
Extending the Platform by Integrating
Applications and Services
Security Application Network
Voice/Video
Optimization Analysis
Intrusion Detection Cisco Unity Express Content Engine Network Analysis

Voicemail Module
AONs
Network Access Extended Voice
Control Module
Cisco IOS VPN Call Manager Express IP-SLA

TCP Optimization/
Cisco IOS Firewall Auto Attendant Compression QoS
Cisco IOS IPS NBAR
802.1x NetFlow
BRKDEV-1001

Presentation_ID.scr
Why Application
eXtension Platform
(AXP)?
Cisco’s New Application Services Strategy
BRKDEV-1001
Integrated Services in the Empowered

Branch: Current Limitations and Needs
Integrated Services
Routers User Applications
Services
Security
IP voice and video
WAN/app optimization
Mobility
Monitoring
WAN/LAN Access
Only Cisco developed services are integrated

Customers, system integrators, and ISVs would like to add
their own value-added functionality into the router
They don’t just want to host applications but to integrate their
applications into the network to solve business problems
BRKDEV-1001

Presentation_ID.scr
Solution—AXP
Provides the Ability for Customers, Third-Party System
Integrators, Managed Service Providers, and ISVs to Integrate
Custom Services into Cisco’s Integrated Services Routers
N
tio
ew
a
id
Ap
ol
p
ns
lic
Co
at
Programmatic Router
io
al
n
Integration
ic
C
ys
ap
Ph
a
Custom Prop. Value-Added Network Bus. App.
bi
liti
Scripts Logic Services Utilities Components
se
Enterprise MSPs Integrators ISVs
BRKDEV-1001
June
Application eXtension Platform 2008
Secure Network Integrated Infrastructure to Host Branch Applications
SDK and Development Portal

AXP Partner Program
AIM-102 NME-302/522 AXP Development Services
256 MB, 1 GB, Intel Celeron 512 MB–2 GB, 80/160 GB,
Intel Celeron Pentium M
Embedded Lightweight Apps AXP Advanced Services
General-Purpose and Packet
Services . Advanced Services
Linux-based integration environment

Customer Benefits
Certified libraries to implement C, Python,
Perl, and Java applications Server consolidation
Lowers branch TCO
Multiapp support with ability to segment
and guarantee CPU, memory, and disk Network/app integration
resources Standards compliance—
HIPAA, PCI, SOX, etc.
Extensible Cisco CLI with Cisco IOS® APIs
“Green”
Cisco ISR 1841, 2800, 3800 Series support
BRKDEV-1001

Presentation_ID.scr
AXP Use Cases
Design/Configuration of Common Deployment Models
BRKDEV-1001
Network-Aware Applications
Use Case: Router Configured with High Bandwidth
Link for Primary, Low Bandwidth Link for Failover WAN
Application Utilizes High Bandwidth Link to
Provide Services to Local Clients Normal Operation
Network Failover with Typical Application
X
Router fails over to low-bandwidth link WAN

Application is not aware of the drop in capacity
Continues with normal operation
Loss of service and unpredictable behavior occurs Network Failover
AXP Network-Aware Application

Router notifies application of bandwidth change
Application queries router to determine
X
the current state of the outage WAN

Dynamically alters router settings based on business rules
Settings based on business situation (time of day)…
Network Failover with AXP App
Application alters behavior
based on new information
Requests low-bandwidth version of data
Limits requests to high priority items only
BRKDEV-1001

Presentation_ID.scr
High Availability—Network-Based
Failover for Branch Applications
Branch utilizes a local AXP-based embedded application
Branch initiates a request
Router intercepts request and delivers to the AXP-based app
AXP application responds to branch
If the local instance fails, the router bypasses the intercept and forwards
the request to a centralized global failover server
X
Utilizes the network for redundancy
Supports standard TCP based applications
Saves on costly HA infrastructure in the branch
BRKDEV-1001
Use Case: Custom Network Services

Problem
IT policy prevents deployment of
additional physical servers in the branch
Difficult to perform basic network
management or troubleshooting
Solution
Custom network utilities to monitor and
troubleshoot the network
X-Windows access allows admin to view
packets and utility results in real-time
Custom SLA utilities to measure
performance
Augmented with Cisco-supported
network utilities
Benefits
Platform to enable service providers to enable their
own tools and monitoring utilities
Management of customer networks—new services
Local survivability of business services
BRKDEV-1001

Presentation_ID.scr
Use Case: Packaged Network Utilities
Problem
WAN
Various core network-based services such as
DNS, DHCP, and AAA need to be resident in
each remote site, but centrally managed
Solution
ISR with AXP hosting multiple common network
Remote Site
utilities (DNS, DHCP, TFTP, AAA)
Benefits AAA Syslog

Better service to end-customer DNS TFTP
(performance, availability) DHCP Telnet
NTP SNMP
Integrated solution with lower TCO …
than other solutions
No additional appliances; conservation of Local Network-Based Utilities
physical space for LAN-Side Clients, WAN
Centrally managed Outage Survivability, etc.
BRKDEV-1001
Use Case: Unified Communication

(UC Apps)
Examples
Speech capabilities at Cisco ISR
enterprise branches Cisco IOS AXP Module

Configuration
Speech capability on ISR Monitoring
Event Trigger
Logging/Debugging Facilities
blade can be leveraged by Third-Party

Cisco IOS Interface
Applications
multiple applications: IVR, Cisco
CallManager
Cisco Unity® Express, Contact Express
Center Express CUAE

Control Plane
AXP
Branch voice recording Data Plane
GE-1 GE-2
Lightweighted recording/ AUX
retrieval modules on ISR to

support ad-hoc recording, to
minimize WAN bandwidth and
support recording survivability UC apps ported on AXP
UC apps interwork with CME
AXP offers hosting environment and
Cisco IOS integration
BRKDEV-1001

Presentation_ID.scr
AXP Architecture and
Technical Overview
Overview of the Service Module and the Host ISR Platform
BRKDEV-1001
AXP Technical Overview

Dedicated Application Resources
Cisco ISR
Dedicated CPU, memory, and disk
Application separated from core router AXP Module
Cisco
functionality Configuration
IOS
Logging/Debugging facilities
Java
Cisco IOS Interface
(C/C++) Application
Monitoring App
Standards-Based Hosting Infrastructure OSGI
Hardened Cisco Linux OS with virtualization Event Triggers Perl/Python
Java
Complete install/upgrade packaging utilities
Control Plane Virtual Instance Virtual Instance
Full appliance functionality
Data Plane Extensible Cisco IOS-Like CLI
Logging and debugging infrastructure
Cisco Linux OS
AUX GE-1 GE-2
Programming Support
Support for Native x86 C/C++
Java support with optional OSGI and Tomcat
Scripting support (BASH, Perl, Python) Cisco IOS APIs integrate the Application
into the Network
Value-Added Features Programmatically configure and monitor Cisco IOS
Serial tunneling providing application access to
React to changes in network conditions
external devices
Syslog server to store logs from router and other Programmatically influence routing, QoS, and
local devices IP-SLA
NetFlow collector to persist and analyze flows locally Monitor packets flowing through network
BRKDEV-1001

Presentation_ID.scr
AXP—Virtualization
AXP natively supports
virtualization
Enhanced security
Library independence
Resources isolation
Minimal memory
overhead
CPU
Index
Remaining
BRKDEV-1001
Supported Hardware
AIM-APPRE-102-K9 ISR Routers Supported
CPU: 300 Mhz
AIM 102 NME 302 NME 522
Memory: 256 MB
Compact Flash: 1 GB 1841 Y
NME-APPRE-302-K9 2801 Y
CPU: 1.0 Ghz 2811 Y Y

Memory: 512 MB
2821 Y Y
Disk: 80 GB
NME-APPRE-522-K9 2851 Y Y
CPU: 1.4 Ghz 3825 Y Y Y

Memory: 2 GB
3845 Y Y Y
Disk: 160 GB
BRKDEV-1001

Presentation_ID.scr
Networking
eth1
AXP Blade AXP Blade

(NME) (AIM)
Linux
eth0 eth0
Gigabit Ethernet Fast Ethernet
Backplane Backplane
Integrated Service
Service Engine 1/0 Engine 0/0 Cisco IOS
Interface Interface
WAN
WAN LAN LAN
Int Int
Cisco ISR (Router)

BRKDEV-1001
Development Cycle
BRKDEV-1001

Presentation_ID.scr
Development Process (SDLC)
1. Develop in dev environment (FC4 is
binary compatible, other versions
supported by updating libraries)
2. Package
Package AXP pkg (use wrapper scripts)
3. Install on AXP blade
Install AXP package
FTP or rsync files (executable update)
4. Test/debug
Linux shell
Review messages.Log
5. Synchronize files
Local app logs/syslog in VI
6. Package final working application
BRKDEV-1001
Accessing the Guest Shell

Each installed application has its own virtual instance and shell
To access the shell you can implement one of these two
methods
Method 1
Your application can depend upon package axp-app-
dev.<platform>.<version>.pkg
This debug package also supports SSH access to the application
guest shell and rsync
Method 2
You can include a post-install.sh script in your build; in this script
you’ll create a symbolic link to /bin/bash
#!/bin/sh
ln –s /bin/bash /bin/console
Be sure to make this script executable and reference it in your
packaging command line
BRKDEV-1001

Presentation_ID.scr
Development Process—Production
Development Machine
SDK Linux (FC4)
Tools (Compiler, Make, IDE)
Develop SDK (Packaging Scripts, API Headers/Libs
for Various Languages)
Package
Source Compile
Installation Code
Binaries
Package
ISR
AXP
Auth File + .pkg
Private Key AXP Blade
CLI> software install add
url ftp://.....AXP.pkg
BRKDEV-1001
AXP SDK
BRKDEV-1001

Presentation_ID.scr
AXP SDK
File name
axp-sdk<version>.tar.gz
Includes
Packaging and bundling tools
RPM extractor: rpm_extractor.sh
Package information: pkg_info.sh
Package builder: pkg_build.sh
Library dependency checker: pkg_check.sh
APIs
CLI plug-in utility tools
BRKDEV-1001
Packaging and
Installation
BRKDEV-1001

Presentation_ID.scr
Application Packaging
Vendor’s X.509
Certificate
(Includes Public Keys) Vendor’s Private Key Application Files
Checksum of
Certificate Encrypted
with AXP Private key
Sign Application Files Compress Application Files
Install/Update
Signed Application Bundle

BRKDEV-1001
Security Enforcement via Certificate
Unauthorized software will not be allowed to be loaded

into operating system
Enforced through cryptographic signatures
Verify packages have been signed by Cisco
Application vendors will not have access to private
Cisco keys for package signing
Need to manage their own public/private key pairs
Managing permissions
Cisco responsible for managing permissions to install software
into AXP environment
Cisco will provide third-party vendors a checksum of their X.509
certificate encrypted with AXP OS private key Æ key becomes
authorization
BRKDEV-1001

Presentation_ID.scr
Application Authorization Process
2 1
4
3
6 5
Trusted Application Cisco

Certificate Vendor
Authority
1. Generate certificate request

2. Request certificate signing to TCA
3. TCA responds with signed X.509 certificate
4. Request software development authorization (include signed certificate)
5. Verify certificate authority
6. Respond with software development authorization certificate
BRKDEV-1001
Install, Uninstall, Upgrade—Commands

Installing packages from FTP directory
software install add url <url> (for anonymous ftp directory)
software install add url <url> username <user> password <pass>
Uninstalling packages
Software uninstall
Upgrading packages
Third-party upgrade applications must meet the following criteria
UUID must match application being upgraded
Name must match application being upgraded
Version must be different than the application being upgraded
Commands
software install upgrade url <url> (for anonymous ftp directory)
software install upgrade url <url> username <user> password <pass>
Software changes will cause service module to reboot

BRKDEV-1001

Presentation_ID.scr
API
BRKDEV-1001
API Overview
Languages supported
Most of the APIs support: C/C++, Java, Python, and Perl
Cisco IOS Service API (CLI)
Query and configuration capabilities into Cisco IOS router configuration
CLI Service API (CLI)
Query and configuration capabilities into AXP service module configuration
AXP Triggering API
Leverages Embedded Event Manager (EEM)
Send notifications to the application based on events; allows the application to react to
network conditions, changes to Cisco IOS configuration and other Cisco IOS events
Network packet monitoring
Mechanisms to send packets to third-party application for analysis or processing
Promiscuous mode
Serial device control
Access to serial port on Cisco IOS router where blade is deployed
Other add-on packages
Discuss functionality
BRKDEV-1001

Presentation_ID.scr
Cisco IOS Service API
Application must depend upon package
axp-iosapi.<platform>.<version>.pkg
Netconf over Beep must be configured

Can run user or privileged mode commands, i.e., ‘show …’ to
receive router configuration data and ‘config t …’ to configure
the router
Cisco IOS CLI

Config_command(s)
Exec_command(s)
Service API
Application
Cisco IOS
Cisco IOS
Services
Return_value(s)
BRKDEV-1001
CLI Service API

No application dependency required since functionality is built in
Can run user or privileged mode commands, i.e., ‘show …’,
‘config t …’ on router
Config_command(s)
AXP CLI
Exec_command(s)
Service API
Application
Cisco IOS
Return_value(s)
BRKDEV-1001

Presentation_ID.scr
AXP Triggering API
axp-eemapi.<platform>.<version>.pkg
Leverages the Embedded Event Manager—EEM for event detection

and tracking
Applications register and listen to the events through EEM APIs
Embedded Cisco IOS events trigger an message via TCP to AXP EEM
daemon (e.g., config change, interface state change)
AXP Service Module Cisco IOS Router
Application TCL Script

Call Back
API Manager EEM

IPC
TCP
EEM Daemon Event
Detector
BRKDEV-1001
AXP Triggering API (Cont.)
Embedded Event Manager (EEM)

Cisco IOS notifications to applications on AXP
Wide range of events can be notified to the applications
EEM supports the following Cisco IOS images

IP-Voice
Adv-Security
Adv-Enterprise
At event occurrence
TCL script is triggered by EEM
Event will be delivered to EEM event daemon on AXP host side
Event is then dispatched to registered application
BRKDEV-1001

Presentation_ID.scr
Event Types Supported
Event Mapping
Event Corresponding TCL Event Type
aapl event_register_appl
cli event_register_cli
counter event_register_counter
interface event_register_interface
ioswdsysmon event_register_ioswdsysmon
none event_register_none
oir event_register_oir
snmp event_register_snmp
syslog event_register_syslog
timer event_register_timer
timer_subscriber event_register_timer_subscriber
ios_config (Cisco IOS Event) [No Value]
BRKDEV-1001
Promiscuous Packet Monitoring—API

No package dependency is required
Configure the ISR to copy packets to the service module; this
configuration can be done via the Router IP Traffic Export (RITE)
or Interface Monitoring features available via Cisco IOS
RITE provides more granular control because it supports Access
Control Lists (ACL), but will not copy router generated packets
The AXP kernel is configured with the following directly accessible
features:
Raw socket interface (CONFIG_RAW)
Raw socket memory mapped mode (CONFIG_RAW_MMAP)
Socket filtering
The raw socket interface is compatible with the higher level

abstraction of libpcap and MMAP packet access
BRKDEV-1001

Presentation_ID.scr
Remote Serial Device API
axp-vserial.<platform>.<version>.pkg
Local AXP host TTY device interacts with the external Cisco IOS
serial device
Serial device must be RFC 2217 compliant
Device: i.e., /dev/modem, /dev/gps
Serial port settings (e.g., baud rate) configured through Cisco IOS
AXP Blade Cisco IOS

Router
Async/Aux Port
Application
External
Serial
Tunnel
/dev/ttyx Device
BRKDEV-1001
Other Add-On Packages

Open Services Gateway Initiative (OSGi)
axp-prosyst-mbs6.<platform>.<version>.pkg
Allows Java applications to be remotely started,
stopped, installed, updated, and uninstalled
Tomcat
axp-tomcat5.<platform>.<version>.pkg
Package to embed Apache Tomcat
SSH
axp-ssh-4.6p1-k9.<platform>.<version>.pkg
Enables SSH tunneling to the application
Perl
axp-perl-5.8.8.<platform>.<version>.pkg
Provides Perl language support
BRKDEV-1001

Presentation_ID.scr
CLI Plug-In
BRKDEV-1001
CLI Plug-In
Allows hosted applications to add commands to the CLI
axp-cli-plugin.<platform>.<version>.pkg
Components
CLI plug-in
XML definition file
Defines the commands specified by the user to execute the action script
Action
Executable file that runs when the CLI command is issued
Application
Must include a call to startCLIDistributionVMThread
Starts CLI plug-in listener
Must not terminate
BRKDEV-1001

Presentation_ID.scr
CLI Plug-In Work Flow
Service Module
CLI Command Console
3 7
1
AXP CLI Server XML
(Commands, Action Class)
4 6
2 5
Application Action
(Listener) Class
1. Register 5. Receive/Respond
2. Start up 6. Pass to CLI Server
3. Command entered 7. Pass to CLI Console
4. Send to Listener
BRKDEV-1001
CLI Plug-In (Cont.)

Sample XML Definition File Java Sample for Class
BRKDEV-1001

Presentation_ID.scr
CLI Plug-In Application—Java Example
import com.cisco.aesop.apphosting.cli_distribution.CLIDistributionVM;
import java.io.*;
import java.lang.*;
public class MyAppMgr{
public void sendStatus(String name, String status, PrintWriter pw){

try{
Runtime rt = Runtime.getRuntime();
rt.exec("/bin/app_status_notifier " + name + " " + status);
}
catch(Exception e){
System.out.println("Send of status failed. Exception " +
e.getMessage(),pw);
}
}
public static void main(String[] args){

MyAppMgr mgr = new MyAppMgr();
try{
mgr.sendStatus("showtime","INITIALIZING",pw);
//showtime is the name of our package.
CLIDistributionVM.startCLIDistributionVMThread("showtime");
Object obj = new Object();
synchronized(obj){
mgr.sendStatus("showtime","ALIVE",pw);
pw.flush();
obj.wait();
}
}
catch(Exception e){
System.out.println("Exception " + e.getMessage(),pw);
}
finally{
mgr.sendStatus("showtime","DOWN",pw);
}
}
}
BRKDEV-1001
CLI Plug-In Application—Results

Booting:
[########################################################>] 100%
SYSTEM ONLINE
se-10-1-1-20> app-service showtime
se-10-1-1-20(exec-appservice-showtime)> show time
Mon, 17 Mar 2008 16:38:35
se-10-1-1-20(exec-appservice-showtime)>
BRKDEV-1001

Presentation_ID.scr
Debugging
BRKDEV-1001
Application Health Status
Application State (VI) Health (App) Meaning
VI Running;
App_A Online —
App Health Unknown
Alive/Down VI Running;
App_B Online
Initializing App Health Known
VI Is Down;
App_C Offline —
App Is Down
AXP provides an API call for an application to report its health.

Note: AXP will not actively monitor application health values.
The application has to report its health to the AXP host.
BRKDEV-1001

Presentation_ID.scr
Commands for Debugging
Viewing state and analyzing the logs

show app-service state
show process
show log name messages.log containing <application name>
paged
show log name messages.prev.log containing <application
name> paged
show errors
Analyze trace buffer
show trace buffer
Check interface, in case of network-related issues
show interfaces <interface>
BRKDEV-1001
Failure Detection
BRKDEV-1001

Presentation_ID.scr
Watchdog Scripts
Scripts should be put in

/opt/app_status_monitor/watchdogs/
Scripts should have execution permission
All scripts in directory will be executed
Names can use the following pattern: W**<name>.sh
(ex W01myapp.sh), if order is important
Returned status code of zero indicates the application
is healthy and alive
Any script with non-zero return status, will be logged
A threshold can be set to determine when a virtual
instance is rebooted
BRKDEV-1001
Watchdog Scripts—Shell Script Example

#!/bin/bash
APP=test.sh
APPNAME_NO_EXT=test
PID_FILE=/var/run/${APPNAME_NO_EXT}.pid
if [ ! -e $PID_FILE ]; then
exit 1;
fi
PID_FROM_FILE=`cat ${PID_FILE}`
for x in `ps -ef|grep $APP |awk '{print $2}'`

do
if [ $x == "${PID_FROM_FILE}" ]; then
exit 0
else
exit 1
fi
done
BRKDEV-1001

Presentation_ID.scr
Q and A
Send Questions to: axp-questions@cisco.com
BRKDEV-1001
Recommended Reading
Continue your Cisco Live

learning experience with further
reading from Cisco Press
Check the Recommended
Reading flyer for suggested
books
Available Onsite at the Cisco Company Store

BRKDEV-1001

Presentation_ID.scr
Complete Your Online
Session Evaluation
Give us your feedback and you could win Don’t forget to activate
fabulous prizes. Winners announced daily. your Cisco Live virtual
account for access to
Receive 20 Passport points for each session all session material
evaluation you complete. on-demand and return
for our live virtual event
Complete your session evaluation online now in October 2008.
(open a browser through our wireless network Go to the Collaboration
to access our portal) or visit one of the Internet Zone in World of
stations throughout the Convention Center. Solutions or visit
www.cisco-live.com.
BRKDEV-1001
BRKDEV-1001

Presentation_ID.scr
Supplement
BRKDEV-1001
Functionality—Runtime—Startup
AXP platform runs on a Cisco version of the Linux

Standard Base (LSB) and supports kernel 2.6.14
Cisco Linux OS and services will complete startup prior
to any virtual instances starting
Verify application integrity
After virtual instance is started, control is handed to
individual init programs in guest OS (/etc/rc.d/init.d)
Third-party applications are started by guest OS
startup scripts
This Controlled Sequence Ensures Corrupt

Applications Do Not Affect Other Applications
BRKDEV-1001

Presentation_ID.scr
Router Cisco IOS Version Requirements
All Cisco IOS images must be crypto, and version

12.4(15)T3 or higher
Cisco IOS image supported types
IP-Base
IP-Voice
Adv-Security
Adv-Enterprise
For the Embedded Event Manager API, IP-Base is not

supported because EEM is not available in this image
BRKDEV-1001
Configuring AXP Blade Interface

on the ISR—Method 1
IP unnumbered configuration
interface GigabitEthernet0/0
ip address 10.1.1.2 255.255.255.0
duplex auto
speed auto
no mop enabled
!
interface Integrated-Service-Engine1/0
ip unnumbered GigabitEthernet0/0
service-module ip address 10.1.1.20 255.255.255.0
service-module ip default-gateway 10.1.1.2
no keepalive
!
ip route 10.1.1.20 255.255.255.255 Integrated-Service-Engine1/0
BRKDEV-1001

Presentation_ID.scr
Configuring AXP Blade Interface
on the ISR—Method 2
IP numbered configuration
interface GigabitEthernet0/0
ip address 10.1.1.3 255.255.255.0
duplex auto
speed auto
no mop enabled
!
interface Integrated-Service-Engine1/0
ip address 10.1.2.6 255.255.255.0
service-module ip address 10.1.2.7 255.255.255.0
service-module ip default-gateway 10.1.2.6
no keepalive
BRKDEV-1001
Packaging and Bundling Applications

Overview
The following pieces of information must be supplied

at the time an application is to be packaged
Project directory
Third-party development certificate location
Cisco development authorization file location
Third party private key location
Application name
Application version
Application description (optional)
Application UUID (recommended)
Application files location
Package dependencies
Disk limit (MB)
Memory limit (MB)
CPU limit (in CPU index points)
Postinstall script (optional)
BRKDEV-1001

Presentation_ID.scr
Example CLI Commands
Packaging and Bundling
Package building tool

pkg_build --project-dir ‘/xyz-source’ --dev-cert ‘/xyz_source/x509.sig’ --
dev-auth ‘/xyz_source/dev_auth.sig’ --private-key
‘/xyz_source/privkey.sig’ --name ‘xyz’ --version ‘1.0’ --description ‘XYZ
Utility’ --source-dir ‘/xyz_source/root_fs’ --uuid ‘f93f3d5f-84e7-435e-
919f-74f59c66ba77’ --deps ‘cc1b5b06-6b17-42c9-b9dd-
88c29674b390,all’’ --disk-limit ‘1500M’ --memory-limit ‘256M’ --cpu-limit
‘1000’
Package bundling tool

pkg-bundle --project-dir ‘/xyz-source’ --private-key
‘/xyz_source/privkey.txt’
--output ‘dist-bndle-xyz’ ‘axp-app-dev.nme.1.0.1.pkg’ ‘xyz-1.0.pkg’
Try to store your packaging CLI in an executable script so

that you don’t have build packages in an interactive mode;
this will speed up development process
BRKDEV-1001
Packaging—Suggested
Deployment Details
/usr/local/<app>
/usr/local/<app>/lib + LD_LIBRARY_PATH
/usr/local/<app>/bin/postinstall.sh
#!/bin/sh
ln -s /bin/login.sh /bin/console
/usr/local/<app>/bin/login.sh
#!/bin/sh
/bin/bash -login
chmod a+x postinstall.sh; chmod a+x login.sh

Relative symbolic links, not absolute
Use pkg_check.sh utility to identify library file dependencies; the library dependency
checker tool looks for dependencies of packaged binary files in the default /lib
directory; the checker tools list any binary files with unsatisfied dependencies and
any corresponding missing libraries
Pay attention to resource parameters to make sure that your hosting environment
has appropriate available resources on service module type ‘show resource limits’
BRKDEV-1001

Presentation_ID.scr
Cisco IOS Service API—
Java Application Example
import com.cisco.aesop.apphosting.iosapi.*;
import java.io.*;
public class IOSTest{

final String cmd="int gig0/0;description brett added this one";
try
{
IosServiceAPI iosapi = IosapiFactory.getIosApi("commonservice");
IosapiMessage msg = new IosapiMessage();
msg.setRequest(cmd);
int status = iosapi.config(msg);
if(IosServiceAPI.FAIL == status){
System.out.println("Ios Api Call failure of command '" + cmd + "' Message: " +
msg.getResponse());
}
else{
System.out.println("Status:'" + status + "' Command '" + cmd + "'response:" +
msg.getResponse());
}
}
catch(Exception e){
System.out.println(e.getMessage());
}
finally{
System.out.println("App done");
}
}
}
BRKDEV-1001
CLI Service API—

Java Application Example
import com.cisco.aesop.apphosting.iosapi.*;
import java.io.*;
public class AppreCall{

final String cmd=“show run";
try
{
int status;
CommonServiceImpl apiCall = new CommonServiceImpl();
AppreMessage msg = new AppreMessage();
msg.setRequest(cmd);
status = apiCall.exec(msg);
if(AppreAPI.FAIL == status){
System.out.println(“CLI Service Api failure of command '" + cmd + "' Message: " +
msg.getResponse());
}
else{
System.out.println("Status:'" + status + "' Command '" + cmd + "'response:" +
msg.getResponse());
}
}
catch(Exception e){
System.out.println(e.getMessage());
}
finally{
System.out.println("App done");
}
}
}
BRKDEV-1001

Presentation_ID.scr
EEM—Defining Your Event to Be Tracked
File name eem_config.xml must be placed into build source
directory /usr/eemapi
Example event
<Events>
<event name="myiosevent" type="ios_config" />
</Events>
If you track ios_config type events you must configure
NETCONF over BEEP protocols in your router and service
module
Tracking other event types requires that the router and
service module be configured with the same username and
password
Router: username <name> privilege 15 password <passwd>
Service module: username ios <name> password <passwd>
BRKDEV-1001
EEM—Java Application Example

import com.cisco.aesop.apphosting.eemapi.*;
class MyEventHandler extends EventHandler{

MyEventHandler(){
super(null);
}
public void callback(String eventName, String eventType, String eventInfo){

System.out.println("callback received event " + eventName + " of type " + eventType + " info " +
eventInfo);
}
public static void main (String args[]){

final String EVENT = "ios_config";
EventManager em = null;
try{
Object obj = new Object();
MyEventHandler eh = new MyEventHandler();
em = EventManager.getInstance();
if(em.Register(eh,EVENT)==1){
synchronized (obj){
obj.wait();
}
else{
System.out.println("Failed to register events " + EVENT);
}
}
catch(Exception e){
System.out.println("Caught exception " + e.getMessage());
}
finally{
if(em!=null){
em.Deregister()
}
}
}
}
BRKDEV-1001

Presentation_ID.scr
NPM—C Application Example
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/if_ether.h>
#include <linux/if_arp.h>
#include <errno.h>
int main (int argc, char* argv[]){

int result = 0;
int s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
if(s != -1){
struct sockaddr_ll socket_address;
socket_address.sll_family = AF_PACKET;
socket_address.sll_protocol = htons(ETH_P_ALL);
bind(s, (struct sockaddr*) &socket_address, sizeof(socket_address));
char* buffer= (char*)malloc(ETH_FRAME_LEN+1);

int length;
while(1){
length=recvfrom(s, buffer, ETH_FRAME_LEN,0,NULL,NULL);
if(length > 0){
buffer[length]='\0';
printf("data length %d\n",length);
}
else if (length == -1){
printf("Socket listener error %d\n",errno);
result = length;
break;
}
}
}
else{
printf("Socket creation error %d\n",errno);
result = s;
}
return result;
}
BRKDEV-1001
Remote Serial Device—

C Application Example
#include <stdio.h>
#include <fcntl.h>
int main(int argc, char* argv[]){

char *dev;
int fd;
printf("starting program\n");
if(argc > 1) {
dev = strdup(argv[1]);
}
else{
dev = strdup("/dev/modem");
}
fd = open (dev, O_RDWR | O_NONBLOCK | O_NOCTTY |
O_NDELAY);
printf("file descriptor is %d.\nExiting program\n", fd);
}
BRKDEV-1001

Presentation_ID.scr
Router Configuration
sasl profile SASL_PROFILE
mechanism anonymous
interface Serial0/0/0
physical-layer async
no ip address
encapsulation slip
line 0/0/0
no exec
transport input telnet
speed 115200
netconf max-sessions 16
netconf beep listener 2000 sasl SASL_PROFILE
BRKDEV-1001

Service Module Configuration
netconf beep initiator 10.1.2.6 2000

netconf max-sessions 16
app-service remoteSerialDevTest
bind interface eth0
hostname se-10-1-2-7
bind serial vtty000 modem
Note: The device vtty000 is the device name provided by the command ‘show device serial’
BRKDEV-1001

Presentation_ID.scr

Application Extension Platform (Axp) : Brkdev-1001

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Application Extension Platform (Axp) : Brkdev-1001

Загружено:

Авторское право:

Доступные форматы

BRKDEV-1001

© 2006, Cisco Systems, Inc. All rights reserved. 1

Traditional Business Solution:

Security Firewall, IDS and VPN Appliances

Application Optimization File Engine

Voice Services Hybrid/Key System

Data Branch Access Router

Local Connectivity LAN Switch

© 2006, Cisco Systems, Inc. All rights reserved. 2

The Value of Integration

Unplanned Downtime Losses

© 2006, Cisco Systems, Inc. All rights reserved. 3

High Density and Performance for

Embedded, Advanced Voice, Video,

Embedded Wireless, Security, and Data

SP/Edge Small Office and

Intrusion Detection Cisco Unity Express Content Engine Network Analysis

Cisco IOS VPN Call Manager Express IP-SLA

© 2006, Cisco Systems, Inc. All rights reserved. 4

Cisco’s New Application Services Strategy

Integrated Services in the Empowered

 Only Cisco developed services are integrated

© 2006, Cisco Systems, Inc. All rights reserved. 5

Secure Network Integrated Infrastructure to Host Branch Applications

SDK and Development Portal

 Linux-based integration environment

© 2006, Cisco Systems, Inc. All rights reserved. 6

Design/Configuration of Common Deployment Models

 Router fails over to low-bandwidth link WAN

AXP Network-Aware Application

the current state of the outage WAN

© 2006, Cisco Systems, Inc. All rights reserved. 7

Use Case: Custom Network Services

© 2006, Cisco Systems, Inc. All rights reserved. 8

Benefits  AAA  Syslog

Use Case: Unified Communication

enterprise branches Cisco IOS AXP Module

blade can be leveraged by Third-Party

Center Express CUAE

retrieval modules on ISR to

© 2006, Cisco Systems, Inc. All rights reserved. 9

Overview of the Service Module and the Host ISR Platform

AXP Technical Overview

© 2006, Cisco Systems, Inc. All rights reserved. 10

CPU: 1.0 Ghz 2811 Y Y

CPU: 1.4 Ghz 3825 Y Y Y

© 2006, Cisco Systems, Inc. All rights reserved. 11

AXP Blade AXP Blade

Cisco ISR (Router)

© 2006, Cisco Systems, Inc. All rights reserved. 12

Accessing the Guest Shell

© 2006, Cisco Systems, Inc. All rights reserved. 13

© 2006, Cisco Systems, Inc. All rights reserved. 14

© 2006, Cisco Systems, Inc. All rights reserved. 15

Sign Application Files Compress Application Files

Signed Application Bundle

Security Enforcement via Certificate

 Unauthorized software will not be allowed to be loaded

© 2006, Cisco Systems, Inc. All rights reserved. 16

Trusted Application Cisco

1. Generate certificate request

Install, Uninstall, Upgrade—Commands

Only Cisco developed services are integrated

Linux-based integration environment

Router fails over to low-bandwidth link WAN

Benefits AAA Syslog

Unauthorized software will not be allowed to be loaded

Software changes will cause service module to reboot

Netconf over Beep must be configured

Leverages the Embedded Event Manager—EEM for event detection

Embedded Event Manager (EEM)

EEM supports the following Cisco IOS images

The raw socket interface is compatible with the higher level

Viewing state and analyzing the logs

Scripts should be put in

Continue your Cisco Live

AXP platform runs on a Cisco version of the Linux

All Cisco IOS images must be crypto, and version

For the Embedded Event Manager API, IP-Base is not

The following pieces of information must be supplied

Package building tool

Package bundling tool

Try to store your packaging CLI in an executable script so

chmod a+x postinstall.sh; chmod a+x login.sh