Introducing the Cisco IOS XE Open Service Containers

2023 SEASON SALE Networking and Security Showcase In-stock ICT products at exclusive discounts

Did you hear of the Cisco service container and the Cisco open service container? Not yet? Now in this article we will introduce you the Cisco IOS XE Open Service Containers. There are three parts of Q and A to help you know the new Cisco open service container. Three Requirements: Hardware Requirements, Cisco IOS XE Software Requirements and Application Requirements.

The Cisco Service containers are applications that can be hosted directly on Cisco IOS XE routing platforms. The apps use the Linux aspects of the IOS XE operating system to host both Linux Virtual Containers (LXC) and Kernel virtual machines (KVM) on Cisco 4000 Series Integrated Services Routers (ISR), Cisco ASR 1000 Series Aggregation Services Routers, and Cisco Cloud Services Routers 1000V.

What is a Cisco open service container? A typical Cisco service container carries a digital signature that verifies it as an authentic application from Cisco. An open service container is a KVM application that does not require a digital signature. This means that any KVM application, regardless of where it comes from, can run directly on your Cisco IOS XE router. Open service containers are often referred to simply as KVM applications on IOS-XE routers.

There are no restrictions on what can run in a service container. Popular use cases include:

  • Network monitoring agents
  • Troubleshooting applications
  • Virtual network functions (domain controller, file server, print server, etc.)
  • Application server (inventory applications, point of sale, database applications, web servers, etc.)

Can I charge a fee for my open service container application? Yes. Open service container applications are the property of the application developer. They can include open-source content and licenses as well as closed-source proprietary code. They are exactly like virtual machines that run in other environments. Any necessary licenses for code within an open service container are the responsibility of the developer.

In general, Cisco will only certify and sign code developed, sold, and supported by Cisco. In certain instances Cisco might market solutions with partner applications, but only applications from Cisco will carry a Cisco signature.

Will Cisco support my open service container application? No. Cisco supports the host platform, including the virtualization infrastructure used to host service containers. If there is a problem with the platform or the underlying architecture Cisco will support that. Cisco service container applications that carry a Cisco digital signature will also be supported by Cisco.

However, an open service container application without a digital signature is supported by the application developer.

Main Qs and As to help you know Cisco IOS XE Open Service Containers well.

Hardware Requirements

Q: What Cisco platforms support open service containers?

A: Table1 outline the platforms that support open service containers.

Table1. Platforms

Platform

Q: Why does a virtual router (CSR 1000V) support KVM virtual machines?

A: In general, nested virtualization is discouraged in the industry due to decreased performance. However, there are some instances in which, for convenience, it makes sense to combine your hosted network functions virtualization (NFV) function inside a virtual router instance. The CSR 1000V also makes an ideal platform for open service container development. A developer can develop and troubleshoot an entire application without the need to invest in physical hardware. This is especially attractive in educational settings where students can learn about network concepts, including hosted applications in a completely virtual environment.

Q: What do I need to add to a platform to host an open service container on an 4000 Series Integrated Services Router (ISR)?

A: In general you will need to add the DRAM and storage required for your application. ISRs come by default with a 4-GB system DRAM and only bootflash storage. With IOS XE Release 16.3, open service container applications do not have access to bootflash or memory below 4 GB. This is to protect the integrity of the core system.

In practice, if you have an application that requires 2 GB DRAM, you will need to increase the memory in your 4000 Series ISR from 4 GB to 8 GB, which is the next available upgrade.

If your application includes a read-write file system (most do), you will also need to include storage. Cisco currently offers two different storage mediums. The NIM-SSD is a network interface module (NIM) that can contain 1 or 2 2.5” SSDs. As of IOS XE Release 16.3, only 200-GB SSDs are available. However, smaller, less expensive sizes will be available. While the NIM-SSD is compatible with all 4000 Series ISRs, there is an additional internal module for the 4300 Series ISR. This internal MSATA module does not consume an external slot and is also 200 GB today, with smaller options available in the future.

Q: What storage options are available in an ASR 1000 Series Aggregation Services Router?

A: Table2 shows storage options available on 1000 Series ASRs.

Table2. Storage Options

Storage Options

Q: What are the processor capabilities available to an open service container application?

A: Platforms contain different control and services plane CPUs depending on where they fit in the portfolio. In general, most platforms contain an Intel X86 CPU with four CPU cores reserved for control and services. The exception is the Cisco 4321 ISR, which has two cores for control and services. Cisco IOS XE Software reserves 25 percent of available CPU time for critical system functions, leaving at least 75 percent available for service container applications. If the IOS XE control plane does not require the 25 percent of time reserved for it, service container applications can consume more than 75 percent of the allocated time. However, that excess capacity is not guaranteed and will be available to control plane processes if they require it. Table 3 shows the processors and equivalent CPU available for hosted applications for each Cisco router.

Table3. IOS-XE Hardware Resources

IOS-XE Hardware Resources

 Cisco IOS XE Software Requirements

Q: What version of Cisco IOS XE Software supports open service containers?

A: Open (unsigned) KVM service containers are supported on Cisco IOS XE routers beginning with Release 3.17 in November 2015 and later. Support is also included in Cisco IOS-XE Release 16.2 and later.

Q: What license do I need to install an open service container?

A: No software license is required. However, additional hardware in the form of DRAM and storage as required for the application will need to be added to the system.

Q: What do I need to configure so that I can host an unsigned KVM application, or open service container, on my Cisco IOS XE router?

A: A single configuration command modifies the signature level for hosted applications. Commands and their functions are listed in Table4.

Table4. Available Commands

Available Commands

Q: How do I install and manage an open service container application?

A: Cisco IOS XE Software Release 16.3 provides a rich command line for installing debugging and managing open service container applications. The command syntax for show, debug, and configuration commands begins with the “virtual-service” keyword. Cisco IOS XE Software also contains support for IOx applications with an API-based Fog Director application. Beginning with Release 16.3 these are two different infrastructures within IOS XE. However, the two will converge in the near future so that a command line, API, and GUI tool can be used to install and manage the same application on a single device or across a large installed base of devices.

Application Requirements

Q: What file type is supported for open service container KVM applications?

A: Service containers use an industry-standard open virtualization archive (OVA) file. While the format of an OVA is standard, the contents are not. In general, OVAs contain one or more disk images, a version file, a manifest file, and a definition file that describe the virtual machine resource requirements. An OVA file is simply a tar archive containing these contents.

Q: What are the contents of an open service container OVA??

A: Table5 outlines the contents of an open service container OVA.

Table5. Open Service Container Contents

Open Service Container Contents

Q: What disk types are supported?

A: Open service containers can use ISO, RAW, and QCOW2 (compressed and uncompressed) disk formats. ISO disks are read-only disk images.

Q: What is the format of the package.yaml file?

A: In the Linux arena, an application known as Libvirt takes care of installing and managing KVMs. Libvirt uses an XML file to define the resources required for a specific VM. The libvirt.xml file is version-specific, human-unfriendly, and exacting about syntax. To simplify application development Cisco developed a yet-another-markup-language (YAML) schema for defining VM resources.

The service container YAML schema is readable and simple.

Cisco IOS XE infrastructure takes care of converting this YAML file into the XML file required by the specific version of libvirt used internally. An application needs to be developed only once to be used across IOS XE platforms and versions. A software developer familiar with developing KVM applications should be able to create a package.yaml file in a few minutes.

For reference, following is a package.yaml file from a working open service container.

CODE

Q: Where can I find more information about developing my own open service container application?

A: Cisco DevNet is the premiere place to find developer resources and connect with a community of Cisco and third-party developers who are excited to provide help in getting your application running. You can also find sample code, including complete functioning OVAs and developer guides to get you started. Visit https://developer.cisco.com/site/kvm/ to get started.

 

The full pdf file from https://www.cisco.com/c/dam/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/q-and-a-c67-737653.pdf

More Related…

Model Comparison: ISR 4321 vs. 4331 vs. 4351 vs. 4431 vs. 4451 Router

Say Something about Cisco 4400 and 4300 Series

The New ASR1001-HX—The Most Powerful Compact Service Router

Share This Post

Post Comment