What is Cisco onePK?
One Platform Kit (onePK) is a software development toolkit that enables software developers to access, extend or customize the software functionality provided by Cisco routers and switches, enabled by API Libraries in C, Java and Python,. With onePK users can create advanced applications and services for their networking needs.
The name plays off the acronym "SDK" (Software Development Kit), the Cisco Open Network Environment (ONE), and the key concept that there is one API set for all major platforms: IOS, IOS-XR, NX-OS platforms.
What does onePK consist of?
The core of onePK is a set of API Libraries that allow for easier access to monitor and control your network. These API libraries are currently available in C and Java, with Python and REST coming soon. The libraries, tutorials, example applications and network simulation tools in onePK include what you need to get up and running to build, automate, extend and improve applications or services using the features available on Cisco platforms.
- Current API Libraries include: Policy, Routing Protocols, Data Path, Discovery, Element, and Utility to start.
- Future extensions offered include: Diagnostics, Identity and more.
- Developer Support: onePK will be supported via a developer community along with training and tools.
When is onePK available?
The platform roadmap for FCS releases of onePK is:
- Available Q2 CY13: ISRG2, Nexus 3K (Limited)
- Q3 CY2013: ASR1K, Nexus 3k/3500.
- Q4 CY2013: ISR 8xx, ISR 19xx, ISR 4400, N5K, N6K, N7K.
- Q1 CY2014: Cat2K/3K/4K, CSR1000V, ASR9K.
- 2014: Cat 6K, ME36/3800, CRS, Nexus 1KV.
The Software Development Kit (SDK) portion of onePK is available for download by developers involved in the Controlled Availability phase here on the onePK Developer site. Anyone wishing to apply to become involved in the Controlled Availability phase can do so by completing the registraton form here: http://developer.cisco.com/web/onepk-developer/web-form.
Specific versions of the NOS are supported by specific versions of the SDK client libraries. For example, IOS 15.3(2)T is supported by the 0.7 version of the SDK. IOS 15.4(3)T and IOS 15.3(3)M is supported by the 1.0 version of the SDK.
What does the name One Platform Kit mean?
Cisco One Platform Kit is a development toolkit for major Cisco Platforms, current future. It is a name that plays off the acronym "SDK" (Software Development Kit), but is made specific to Cisco platforms. Basically, the name is meant to denote one kit for many platforms. onePK works on both network devices as well as servers, and can access and control a variety of network functions. It is one easy to use development kit for Cisco Platforms, from IOS, IOS-XR, NX-OS platforms.
What does the Kit consist of?
onePK is a set of API Libraries that allow for easier access to monitor and control your network. These API libraries are currently available in C and Java, Python and REST coming soon. onePK includes what you need to get up and running to build, automate, extend and improve applications or services using the features available on Cisco platforms.
- API Libraries include: Policy, Routing Protocols, Data Path, Discovery, Element, and Utility to start.
- Extensions offered include: Diagnostics, Identity and more.
- Developer Support: onePK will offer access to a developer community along with training and tools.
What are the most common use cases for onePK?
Use cases for onePK that we have seen thus can be categorized into different areas, as shown below. This is not a formal or exhaustive analysis, but rather an indication of what onePK has been used for thus far.
- Custom Routing and Traffic Steering
- Custom Traffic Analytics
- Network Automation
- Health Monitoring
- Policy Control
- Threat Mitigation
- Data Center Orchestration
- NMS/OSS Integration.
Who would use onePK?
Anyone can use onePK whether they see themselves as developers, operators, engineers or anyone else who wants to optimize their network infrastructure, and integrate that with other systems. With onePK anyone can customize, extend or automate functionalities of Cisco routers or switches.
Who is using onePK today?
There are hundreds of customers, service providers and many ISVs evaluating onePK today. Examples of specific applications that have been developed by participants with the intent of productization include:
- A configuration and verification tool
- A Topology mapping and device location mapping monitor
- A path trace network monitoring application
- Programming application routes based on utilization/latency/cost
- Custom encryption of selected traffic
- Deployment of Puppet agents for provisioning and many others.
What is the difference between Software Defined Networking and onePK?
Is onePK SDN?
SDN is a new approach to designing, building and operating networks. Software Defined Networks usually consist of a control plane that is decoupled from the data plane and is logically centralized in the form of a controller. Communication between the controller and the network device is facilitated by a standard protocol such as OpenFlow or any number of possible agents. An SDN architecture usually involves APIs that allow customers and developers control the underlying network. These APIs may be standards-based, or they may be vendor-specific, such as onePK.
The capabilities of onePK may be used to facilitate the construction of an SDN based system. For example, onePK can be used to implement OpenFlow agents, or used by the Cisco eXtensible Network Controller, both of which represent typical elements of the "traditional" SDN architecture.
What is the difference between Cisco ONE and onePK?
As a component of Cisco's Open Network Environment (ONE), onePK provides the network level APIs that enable the other elements of ONE. Cisco ONE is Cisco's framework for delivering its SDN solutions and closely related technologies. Cisco ONE is delivered through a comprehensive set of platform APIs, agents, controllers, applications and overlay network technologies.
What is the roadmap for onePK, and what sorts of features can we expect in the future?
In addition to proliferating platform support, you'll see a growing number of API "Service Sets". These new service sets will give developers access to advanced features and components beyond that of today's base service set. In addition to new services the onePK SDK will also add new languages and tools over time.
Most importantly, as third-party developers bring their innovative new applications to market, you'll also see a growing set of applications available.
Is there an onePK plugin for Open Daylight?
Cisco is working closely with OpenDaylight to see what the prominent use cases will be. At that time, Cisco (or in theory anybody) may write a vendor-specific plugin for onePK. The Cisco eXtensible Network Controller (XNC), based on the OpenDaylight platform, shall support onePK..
What languages does onePK support?
t general availability, onePK will support C, Java and Python with additional agents for REST coming in the future. Of course, anyone can use onePK to create an agent that exposes their REST interface of choice, or, indeed, any other management interface that they want their network to support.
How are my applications hosted?
With onePK your application can be hosted on a Cisco switch or router, called "process" hosting, on services blades, e.g. UCS-E on an ISRG2, within the switch or router, called "blade hosting", or on a separate server, known as "end-point" hosting. Applications use a secure communications channel to communicate with the onePK infrastructure in the NOS.
Will all hosting models be supported on all platforms?
Support for hosting models will vary based on the hardware configuration, operating system, application type (Cisco, customer, 3rd party), software release and program phase.
Can I program data plane operations?
Yes. The onePK service sets offer functions to divert, copy and inject packets, set policies and program the RIB.
How does building applications or adding new services to my network with onePK compare with scripting using the CLI or other interfaces?
Scripting, using the CLI or other management interfaces, is most often used for simple network automation tasks oriented toward one specific device. The same developers can also use onePK to address the same uses cases, but with much greater ease and, crucially, without being subject to CLI changes that break scripts.
How do I prevent unauthorized applications from accessing onePK?
There are many layers of security that prevent unauthorized access:
- An administrator must explicitly enable and configure onePK connectivity in the CLI before applications can access the API infrastructure in the NOS.
- Applications must authenticate whenever they connect to a router or switch, and the user identity must have the appropriate authorization.
- Communication between the application and the device NOS is encrypted.
- Only signed applications can access the onePK infrastructure or be deployed in process hosting models. Application signing will be provided through different mechanisms depending upon where and how the authorized application is hosted.
How can I be sure that my application will not disrupt router or switch functionality?
While providing a rich set of functionality, the API has been designed using best practices to reduce the likelihood of an error that would disrupt system operation. This does not remove the need for appropriate quality assurance of application code and a risk assessment of any new operational models. Additionally:
- The network administrator can configure the allowable resource consumption for applications in the process-hosted model.
- The network administrator can terminate any application via CLI.
- For applications deployed in the process-hosted mode or on blades, a container infrastructure is used to constrain application operation, enhance security and protect system resources
- Code isolation and strong typing of the client libraries ensure the integrity of the NOS.
OpenFlow and onePK
What is OpenFlow?
The OpenFlow specification describes itself as "an open standard that enables researchers to run experimental protocols in the campus networks we use every day. OpenFlow is added as a feature to commercial Ethernet switches, routers and wireless access points â and provides a standardized hook to allow researchers to run experiments, without requiring vendors to expose the internal workings of their network devices."
Will Cisco Support OpenFlow?
Yes. Cisco has OpenFlow 1.0 agents in limited availability for various Catalyst, ASR9K and Nexus Platforms. Later this year Cisco will introduce production ready versions of OpenFlow 1.3 for a variety platforms, expanding into general availability. This support will based on "agents", which are onePK applications running on a device that use APIs to control the NOS and expose the OpenFlow protocol to controllers.
What is the current version of OpenFlow?
OpenFlow versions currently available are 1.0, 1.1, 1.2, 1.3 and 1.4 (currently being drafted).
What is the "hybrid model"?
An important development within OpenFlow is referred to as the hybrid model, where OF is used selectively for certain workloads or traffic flows and the remaining traffic is handled as it is today. One objective of hybrid would be to allow same infrastructure to be used for both OpenFlow and traditional traffic. If OpenFlow becomes widely accepted, it will likely be by using the hybrid model that customers can add OpenFlow support to their existing infrastructure systematically.
How does OpenFlow differ from onePK? Do they do basically the same thing?
OpenFlow is an emerging protocol that focuses on forwarding plane operation. whereas onePK is a development kit that allows users to access and optimize the function of Cisco devices. The scope of onePK allows access to information on routing, policy, manageability, provisioning, discovery and a wide variety of device and network functions, in addition to data plane access and programmability. Cisco views OpenFlow and onePK as complimentary, indeed Cisco's OpenFlow support is provided via onePK. Developers working with OpenFlow may be able to benefit from the functionality provided by onePK beyond the scope of the OpenFlow specification.
Is onePK a replacement for CLI?
The purpose of onePK is to provide capabilities for controlling and managing a Cisco devices that are far easier to use than CLI for automation. Many of the use cases for onePK can also be addressed via CLI, albeit less efficiently, and with exposure to necessary CLI changes. Above and beyond that, onePK also offers capabilities, such as the Data Path service set, that are not available via CLI.
Is onePK a replacement for EEM?
No. Indeed, EEM is a major infrastructure element of the onePK NOS implementation, and the two programming models can be very successfully combined. While both can be used for network automation, EEM (Embedded Event Manager) and onePK typically enable different sets of users and use cases. Existing EEM scripts can be extended and integrated with onePK applications using the same event model that EEM supports today.
How is the SDK organized?
Functionality is broken down into "Service Sets" which group API calls into similar functions. The following graphic shows how the service sets can be used.
New Troubleshooting Guide
Now you can troubleshoot onePK application development with the new Troubleshooting Guide from the SDK and Docs page