APIC-EM Platform Update

Upload: phamdat

Post on 04-Jun-2018


APIC-EM Platform – App Modularity

Until APIC-EM 1.2

Cisco Applications are:
- developed independently
- packaged and deployed with APIC-EM

IWAN

EasyQoS

PnP

Path Trace

Lifecycle Mgmt.

Integrity Verification

From APIC-EM 1.3

Cisco Applications are:
- developed independently
- deployed on demand

Going Forward

- Descriptive Service Model
- DNA Center Integration
- DNA Analytics Integration

APIC-EM 1.x Footprint

• Lower Footprint (32GB)

• Dynamic Sizing based on Scale

• Horizontal and Vertical Performance Scaling

• Support for 64, 128GB nodes

• Support for clustering of up to 3 nodes

x 32 GB, 6 vCPU

250 Wired Devices, 250 Wireless Devices, 6k Hosts

x 32 GB, 6 vCPU

10k Wired Devices, 10k Wireless Devices, 100k Hosts

As load increases…

APIC-EM EasyQoS App

Policy Service: EasyQoS

Enhance Collaboration Experience

300% 50%Reduction in

voice jitter

Video quality

improves

No Operator Intervention

The EasyQoS App reduces deployment times for network-wide QoS dramatically. We can now respond to changing application needs via policy-based automation within minutes or even seconds.

• Select from Predefined Policies

• Automated Deployment of QoS config

• Optimized for Any Infrastructure

Cisco ONE

Foundation

Edeka

Lower Costs & Complexity

Deploy changes: Months to Minutes

Thousands in cost savings

EasyQoS: Application QoS

• Wireless AP: Trust Boundary, PEP, 4Q (WMM)

• Catalyst 3650: Trust Boundary, PEP, 2P6Q3T

• Catalyst 4500: 1P7Q1T

• Catalyst 6500: 1P3Q4T, 1P7Q4T, 2P6Q4T

• Nexus 7700 F3: 1P7Q1T

• WLC: PEP

• ASR/ISRs: MQC

• Catalyst 2960-X: Trust Boundary, PEP, 1P3Q3T

• Wireless AP: Trust Boundary, PEP, 4Q (WMM)

Applications can interact with APIC-EM via Northbound APIs, informing the network of application-specific and dynamic QoS requirements

Southbound APIs translate business-intent to platform-specific configurations

Network Operators express high-level business-intent to APIC-EM EasyQoS

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

EasyQoS will seamlessly interconnect all types of hardware and software queuing models to achieve consistent and compatible end-to-end treatments aligned with the expressed business-intent

EasyQoS: Application QoS - Deploy End-to-End DSCP-based Queueing Policies

LAN QoS

ip access-list extended APIC_EM-VOICE-ACL
 permit ip host 10.0.0.10 any dscp ef
 exit
ip access-list extended APIC_EM-BROADCAST-ACL
 permit ip host 10.0.0.20 any dscp cs5
 exit
ip access-list extended APIC_EM-REALTIME-ACL
 permit ip host 10.0.0.30 any dscp cs4
 exit
ip access-list extended APIC_EM-MM_CONF-ACL
 permit ip host 10.0.0.10 any dscp af41
 exit
…

Catalyst Switch Access-Layer PEP Static Endpoint ACLs

Populated with static endpoints (discovered by the APIC-EM Inventory Service):

• Cisco IP Phones

• Cisco IP Video Surveillance Cameras

• Cisco TelePresence Systems

• Cisco IP Video Phones

BRKRST-2046

How Can Apps Be Classified at Campus LAN PEPs?

Google Search: “NBAR Protocol Pack”

Cisco Protocol Pack Library: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html

Protocol Pack 21: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/pp2100/nbar-prot-pack2100.html

How Can Apps be Classified in the Campus LAN?

<protocol>
  <attributes>
    <application-group>other</application-group>
    <business-relevance>business-relevant</business-relevance>
    <category>business-and-productivity-tools</category>
    <encrypted>false</encrypted>
    <p2p-technology>false</p2p-technology>
    <sub-category>desktop-virtualization</sub-category>
    <traffic-class>multimedia-streaming</traffic-class>
    <tunnel>false</tunnel>
  </attributes>
  <common-name>Citrix Static</common-name>
  <enabled>true</enabled>
  <engine-id>3</engine-id>
  <global-id>L4:1604</global-id>
  <help-string>Citrix Static</help-string>
  <id>1433</id>
  <ip-version>
    <ipv4>true</ipv4>
    <ipv6>true</ipv6>
  </ip-version>
  <long-description>Citrix is an application that mediates users remotely to their corporate applications. ICA: Independed Computing Architecture is a designated protocol for application server system; it is used for transferring data between clients and servers…</long-description>
  <name>citrix-static</name>
  <ports>
    <tcp>1494,1604,2512,2513,2598</tcp>
    <udp>1604,2512,2513</udp>
  </ports>
  <indicative-ports>
    <tcp>1494,1604,2512,2513,2598</tcp>
    <udp>1604,2512,2513</udp>
  </indicative-ports>
  <references>http://www.citrix.com/site/resources/dynamic/additional/ICA_Acceleration_0709a.pdf</references>
  <commonly-used>7</commonly-used>
  <selector-id>1604</selector-id>
  <underlying-protocols>tcp,udp</underlying-protocols>
</protocol>

ip access-list extended CONTROLLER-MULTIMEDIA-STREAMING-ACL
 remark citrix-static - Citrix Static
 permit tcp any any eq 1494
 permit tcp any any eq 1604
 permit tcp any any range 2512 2513
 permit tcp any any eq 2598
 permit udp any any eq 1604
 permit udp any any range 2512 2513

Note: EasyQoS must maintain an ACE Count by App, e.g. citrix-static: 6 ACEs (TCAMs)
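The translation from a protocol-pack entry to access-list entries, with the per-app ACE count checked against a budget, can be sketched as follows. This is an added example, not Cisco's or APIC-EM's code: the sample XML is a constructed subset of the entry above, the `CONTROLLER-<TRAFFIC-CLASS>-ACL` naming is assumed from the one ACL shown, and the budget of 19 is the Multimedia Streaming ACE figure from the summary slide used as an illustrative limit.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: name, traffic class and ports of the citrix-static entry above.
SAMPLE = """<protocol>
  <attributes><traffic-class>multimedia-streaming</traffic-class></attributes>
  <common-name>Citrix Static</common-name>
  <name>citrix-static</name>
  <ports><tcp>1494,1604,2512,2513,2598</tcp><udp>1604,2512,2513</udp></ports>
</protocol>"""

SAFE = re.compile(r"[A-Za-z0-9 _.-]+")  # text allowed into generated CLI lines

def parse_ports(text):
    """Parse a comma-separated port list, rejecting values outside 1-65535."""
    ports = sorted({int(tok) for tok in text.split(",") if tok.strip()})
    if any(not 1 <= p <= 65535 for p in ports):
        raise ValueError(f"port out of range in {text!r}")
    return ports

def coalesce(ports):
    """Merge consecutive ports into [low, high] runs so each run costs one ACE."""
    runs = []
    for p in ports:
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p
        else:
            runs.append([p, p])
    return runs

def build_acl(xml_text, ace_budget):
    """Return (config_lines, ace_count); raise if the app does not fit the budget."""
    proto = ET.fromstring(xml_text)
    name, common = proto.findtext("name"), proto.findtext("common-name")
    tclass = proto.findtext("attributes/traffic-class")
    for field in (name, common, tclass):
        if not field or not SAFE.fullmatch(field):
            raise ValueError(f"unsafe or missing field: {field!r}")
    aces = []
    for l4 in ("tcp", "udp"):
        for lo, hi in coalesce(parse_ports(proto.findtext(f"ports/{l4}") or "")):
            match = f"eq {lo}" if lo == hi else f"range {lo} {hi}"
            aces.append(f" permit {l4} any any {match}")
    if len(aces) > ace_budget:
        raise RuntimeError(f"{name}: {len(aces)} ACEs exceed budget of {ace_budget}")
    # ACL naming pattern assumed from the single example on the slide.
    lines = [f"ip access-list extended CONTROLLER-{tclass.upper()}-ACL",
             f" remark {name} - {common}"] + aces
    return lines, len(aces)

if __name__ == "__main__":
    print("\n".join(build_acl(SAMPLE, ace_budget=19)[0]))
```

Coalescing consecutive ports into `range` entries is what brings citrix-static down to 6 ACEs, and the field check keeps text taken from the XML from adding lines to the generated configuration.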

LAN Marking Policy Summary Example: Classes and ACEs Required at Access LAN Edge

• Voice (dynamic): 96 ACEs per switch / module (1 IP Phone + 1 PC)

• Video (dynamic): 96 ACEs per switch / module (1 IP Phone + 1 PC)

• Broadcast Video: N/A

• Real-Time Interactive: N/A

• Network Control: N/A

• Signaling: 10 Protocols / 26 ACEs

• OAM: 50 Protocols / 98 ACEs

• Multimedia Streaming: 6 Apps / 19 ACEs

• Transactional Data: 45 Apps / 94 ACEs

• Bulk Data: 48 Apps / 99 ACEs

• Scavenger: 50 Apps / 108 ACEs

• CAPWAP: 2 Protocols / 2 ACEs

TOTAL: 213 Apps / 638 ACEs

Switch LAN-Edge PEP Policy Workflow

[Flowchart; the connections between nodes did not survive extraction. Nodes shown:]

• Start Deployment

• TCAMs Available for QoS?

• Have All Custom Apps Been Processed? / Deploy ACE(s) For Next L4-App From Custom Apps

• Have All Favorite Apps Been Processed?

• Have All Remaining Apps Been Processed?

• Is the App Voice or Video? / Continue to Next App

• Any (More) TCP or UDP Ports?

• TCP Port 80, 443, 8080, etc.?

• ID App as L4-App + Construct ACE(s)

• TCAMs Available for Traffic-Class?

• Redistribute remaining TCAMs Across Traffic-Classes and Process Each Traffic Class

• Stop

Note: Per-Platform TCAM Limits for QoS Pre-Programmed into APIC-EM + Confirmed before Deployment

Note: Remaining Apps to be Pre-Sorted by: 1) Popularity Attribute 2) Alphabetically

Note: “Video” in this context includes: realtime-interactive, broadcast-video, multimedia-conferencing traffic-classes.

LAN QoS Design: LAN Queuing

1P3Q3T Egress Queuing Model: Catalyst 2960-X / 3560-X / 3750-X

[Figure: 1P3Q3T egress queuing model. Columns: Application, DSCP, 1P3Q3T queue and threshold. Application classes shown: Network Control (CS7), Internetwork Control (CS6), VoIP, Broadcast Video, Multimedia Conferencing, Realtime Interactive, Multimedia Streaming (AF3), Signaling, Transactional Data, Network Management, Bulk Data, Scavenger (CS1), Best Effort (DF). DSCP values shown: CS7, CS6, EF, CS5, CS4, AF4, AF3, CS3, AF2, CS2, AF1, CS1, DF. Queues shown: Q1 Priority Queue; Queue 2 (30%) with thresholds Q2T1, Q2T2, Q2T3; Queue 3 (35%), Default Queue; Queue 4 (5%) with thresholds Q4T1, Q4T2.]

Catalyst 2960-X / 3560-X / 3750-X: 1P3Q3T Egress Queuing, Part 1

! This section configures egress buffers and thresholds

mls qos queue-set output 1 buffers 15 30 35 20

mls qos queue-set output 1 threshold 1 100 100 100 100

mls qos queue-set output 1 threshold 2 80 90 100 400

mls qos queue-set output 1 threshold 3 100 100 100 400

mls qos queue-set output 1 threshold 4 60 80 100 400

! This section configures egress CoS-to-Queue mappings

mls qos srr-queue output cos-map queue 1 threshold 3 4 5

mls qos srr-queue output cos-map queue 2 threshold 1 2

mls qos srr-queue output cos-map queue 2 threshold 2 3

mls qos srr-queue output cos-map queue 2 threshold 3 6 7

mls qos srr-queue output cos-map queue 4 threshold 3 1

EasyQoS GUI Step 1: Define a Scope for Policy Application

EasyQoS GUI (Optional) Step 2: Add Custom Applications

EasyQoS GUI Step 3: (Optional) Change Application Business-Relevance

APIC-EM Easy QoS App

New Easy QoS Features in APIC-EM 1.3

General Availability

Policy Configuration Preview

Policy Rollback/Restore (…to brownfield QoS config)

Policy Abort

Advanced Consumer Policies

Bidirectional Policies

Extended Custom Application Options (Port Range, Subnets, DSCP)

Custom SP Profiles (DSCP, BW, Class Models)

UI Alerts about Pending Changes

Faster Provisioning (1000 Devices in < 1hr)

Improved UX

EasyQoS App: Dynamic Policy

Application-Driven Dynamic Policy

Application Dynamic Policy Management (call setup):

• Client A calls client B

• Client sends call setup info to App server

• App Server calls APIC-EM to setup policy (SDN API)

• QoS policy enabled on network device

Application Dynamic Policy Management (call teardown):

• Call ends

• Client sends call teardown info to App Server

• App Server calls APIC-EM to delete policy (SDN API)

• QoS policy removed from network device

EasyQoS GUI Step 4: (Optional) Enabling Dynamic QoS

Dynamic QoS Workflow, Part 1: Proceeding Voice/Video Call

CUCM signals APIC-EM of a proceeding call via a Northbound REST API

APIC-EM acknowledges the flow and assigns a Flow-ID

APIC-EM deploys dynamic ACLs for voice and/or video to the specific switch ports hosting the endpoints

ip access-list extended VOICE

permit udp host 10.1.1.1 eq 18578 host 10.2.2.2 eq 17333

ip access-list extended VIDEO

permit udp host 10.1.1.1 eq 31199 host 10.2.2.2 eq 24141

ip access-list extended VOICE

permit udp host 10.2.2.2 eq 17333 host 10.1.1.1 eq 18578

ip access-list extended VIDEO

permit udp host 10.2.2.2 eq 24141 host 10.1.1.1 eq 31199

POST /api/v1/policy/flow

{"srcIPAddress":"10.1.1.1","dstIPAddress":"10.2.2.2","srcPort":31999,"dstPort":21141,"protocol":"udp","flowType":"VIDEO", … "codec":"H.264"}

{"response":{"data":"success","flowId":"bc8727b7-76d0-4bac-94b9-fa6b76a1a803"},"version":"1.0"}

Dynamic QoS Workflow, Part 2: Terminating Voice/Video Call

CUCM signals APIC-EM to delete the Flow-ID of a terminating call

APIC-EM removes the dynamic ACLs for voice and/or video from the specific switch ports hosting the endpoints

ip access-list extended VOICE

no permit udp host 10.1.1.1 eq 18578 host 10.2.2.2 eq 17333

ip access-list extended VIDEO

no permit udp host 10.1.1.1 eq 31199 host 10.2.2.2 eq 24141

ip access-list extended VOICE

no permit udp host 10.2.2.2 eq 17333 host 10.1.1.1 eq 18578

ip access-list extended VIDEO

no permit udp host 10.2.2.2 eq 24141 host 10.1.1.1 eq 31199

DELETE /api/v1/policy/flow/bc8727b7-76d0-4bac-94b9-fa6b76a1a803
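Because the flow request in Part 1 ends up as configuration on switch ports, the controller side has to validate every field before turning it into an ACE. The sketch below is an added example, not APIC-EM or CUCM code: it builds the install and removal lines for both endpoints from one validated request, using the field names of the POST body above; the sample values are constructed from the VIDEO ACLs on the slides, and `src_switch` / `dst_switch` are hypothetical labels.

```python
import ipaddress

# Constructed sample request, using the field names of the POST body above
# and the VIDEO ports from the ACLs on the slide.
SAMPLE_FLOW = {"srcIPAddress": "10.1.1.1", "dstIPAddress": "10.2.2.2",
               "srcPort": 31199, "dstPort": 24141,
               "protocol": "udp", "flowType": "VIDEO"}

FLOW_TYPES = {"VOICE", "VIDEO"}  # ACL names shown on the slides
PROTOCOLS = {"udp"}              # only UDP media flows appear on the slides

def validate_flow(flow):
    """Normalize one flow request; raise ValueError on anything unexpected."""
    out = {}
    for key in ("srcIPAddress", "dstIPAddress"):
        if not isinstance(flow[key], str):
            raise ValueError(f"{key} must be a dotted-quad string")
        # IPv4Address rejects embedded whitespace, newlines and CLI keywords.
        out[key] = str(ipaddress.IPv4Address(flow[key]))
    for key in ("srcPort", "dstPort"):
        port = flow[key]
        if type(port) is not int or not 1 <= port <= 65535:
            raise ValueError(f"{key} must be an integer in 1-65535")
        out[key] = port
    if flow["protocol"] not in PROTOCOLS or flow["flowType"] not in FLOW_TYPES:
        raise ValueError("protocol or flowType not in the allow-list")
    out["protocol"], out["flowType"] = flow["protocol"], flow["flowType"]
    return out

def flow_acl_lines(flow, remove=False):
    """Return the ACL lines for each endpoint's switch port, both directions."""
    f = validate_flow(flow)
    verb = "no permit" if remove else "permit"

    def acl(a_ip, a_port, b_ip, b_port):
        return [f"ip access-list extended {f['flowType']}",
                f" {verb} {f['protocol']} host {a_ip} eq {a_port}"
                f" host {b_ip} eq {b_port}"]

    src = (f["srcIPAddress"], f["srcPort"])
    dst = (f["dstIPAddress"], f["dstPort"])
    # "src_switch"/"dst_switch" are hypothetical labels for the two access ports.
    return {"src_switch": acl(*src, *dst), "dst_switch": acl(*dst, *src)}

if __name__ == "__main__":
    for where, lines in flow_acl_lines(SAMPLE_FLOW).items():
        print(where, *lines, sep="\n")
```

Calling `flow_acl_lines(flow, remove=True)` for the same request yields the `no permit` lines of Part 2, so the removal matches exactly what was installed.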