onePK FAQ

Basic Questions
onePK Security
onePK and OpenFlow
Technical Questions
Site Feedback

 

Basic Questions

 

Q: What is Cisco onePK?
A: One Platform Kit (onePK) is an easy to use toolkit that enables software developers to access, extend or customize the rich set of software functionality provided by Cisco routers and switches. onePK provides a comprehensive API Library allowing users to create applications and services for their networking needs.

Q: What does the name One Platform Kit mean?
A: Cisco One Platform Kit is a development toolkit for major Cisco Platforms, current & future. It is a name that plays off of SDK (Software Development Kit), but is made specific to Cisco platforms. Basically, the name is meant to denote One Kit, Many Platforms. onePK works on both network devices as well as servers, and can access and control a variety of network functions. It is one easy to use development kit for Cisco Platforms, from IOS, XR, NX-OS platforms.

Q: What does onePK do?
A: with the power of onePK, you can:

  • Enable the extension, automation and configuration of capabilities available on Cisco routers and switches.
  • Program your network in new ways, either by creating services you can extend to your customers or internal businesses, automation of tasks, or improving on current applications you already have running in your network. onePK makes your network more flexible and application-aware when shifting conditions such as network utilization impact underlying network operation.
  • Get easier access to the information inside your network devices so you can deliver it business platforms, custom business logic or into existing services and applications. onePK allows you to unleash the power of your network in new ways for a fast, flexible, and intelligent infrastructure, all based on the data your network holds.

Q: What does the Kit consist of?
A: onePK is a set of API Libraries that allow for easier access to monitor and control your network. These API libraries are currently available in C and Java, with Python and REST coming in the future.  onePK includes what you need to get up and running to build, automate, extend and improve applications or services using the features available on Cisco platforms.

  • API Libraries include: Policy, Routing Protocols, Data Path, Discovery, Element, and Utility to start.
  • Extensions offered include: Diagnostics, Identity and more.
  • Developer Support: onePK will offer access to a developer community along with training and tools.

Q: Who would use onePK?
A: onePK can be used by developers, operators, engineers or anyone who wants to optimize their current network infrastructure. onePK is the toolkit that allows them to customize, extend, build to or automate functionalities of Cisco routers or switches. Users can create management automation programs, integrate functionality to be delivered in separate gateways to reduce footprint and costs or write business logic to integrate their provisioning or service engineering functions.

Q: What languages does onePK support?
A: Currently, onePK supports C and Java.

Q: How are my applications hosted?
A: onePK offers the ability to host your application on a Cisco switch or router, on services blade within the switch or router or on a separate server. Applications hosted on separate servers use a secure communications channel to communicate with the onePK infrastructure.

Q: Will all hosting models be supported on all platforms?
A: Support for hosting models will vary based on the hardware configuration, operating system, application type (Cisco, customer, 3rd party), software release and program phase.

Q: Can I program data plane operations?
A: Yes. The onePK data path service set offers functions to punt, copy and inject packets.

Q: How does building applications or adding new services to your network with onePK compare with scripting using the CLI or other interfaces?
A: While scripting using the CLI or other interfaces is most often used for simple network automation tasks oriented toward one specific device, onePK allows users to create applications and services that can be extended across multiple Cisco routers and switches. The developer's source code will actually be compiled and function in close association with the device operating system unlike an interpreted script.
 

Return to Top

Security

Q: How do I prevent unauthorized applications from accessing onePK?
A: There are many layers of security that prevent unauthorized access:

  1. onePK must be explicitly enabled in the CLI before applications can access the API infrastructure. 
  2. Applications must authenticate whenever they connect to a router or switch.  
  3. Communicate between the application and the device is encrypted.
  4. Only signed applications can access the onePK infrastructure. Application signing will be provided through different mechanisms depending upon where and how the authorized application is hosted.

Q: How can I be sure that my application will not disrupt router or switch functionality?
A: While providing a rich set of functionality, the API has been designed using best practices to reduce the likelihood of an error that would disrupt system operation.

  1. The network administrator can configure the allowable resource consumption for APIs.
  2. The network administrator can terminate any application. 
  3. For applications hosted on-box or on a system server, a container infrastructure is used to constrain application operation, enhance security and protect system resources.
  4. Code isolation and strong typing ensure the integrity of the network OS.

Return to Top

 

OpenFlow and onePK

Q: What is OpenFlow?
A: The OpenFlow specification describes itself as "an open standard that enables researchers to run experimental protocols in the campus networks we use every day. OpenFlow is added as a feature to commercial Ethernet switches, routers and wireless access points – and provides a standardized hook to allow researchers to run experiments, without requiring vendors to expose the internal workings of their network devices."

Q: What is the current version of OpenFlow?
A: OpenFlow versions currently available are 1.0, 1.1, 1.2 and 1.3 (currently being drafted) and are primarily utilized for with packet forwarding via a control plane model. There are also discussions underway at the ONF to take a break from adding new features and focus on enhancing the current capabilities to make them more production-ready.

Q:What is the "hybrid model"?
A: An important development within OpenFlow is referred to as the hybrid model, where OF is used selectively for certain workloads or traffic flows and the remaining traffic is handled as it is today. One objective of hybrid would be to allow same infrastructure to be used for both OpenFlow and traditional traffic. If OpenFlow becomes widely accepted, it will likely be by using the hybrid model that customers can add OpenFlow support to their existing infrastructure systematically.

Q: Is Cisco involved with the ONF
A:  Yes, Cisco is actively engaged with the ONF. Cisco technical leaders are playing key roles in shaping the evolution of the protocol and are an active participant across multiple groups.

Q: How does OpenFlow differ from onePK? Do they do basically the same thing?
A: OpenFlow is an emerging protocol that focuses on forwarding plane operation. onePK is a development kit that allows users to access and optimize the function of Cisco devices. onePK allows access to information on routing, policy, manageability, provisioning, discovery and a wide variety of device and network functions in addition to data plane access and programmability. Cisco views OpenFlow and onePK as complimentary. Developers working with OpenFlow may be able to benefit from the functionality provided by onePK beyond the scope of the OpenFlow specification.

Return to Top

Technical Questions

Q: Is onePK a replacement for CLI?
A: The purpose of onePK is to provide capabilities to a Cisco device never possible before. That being said, onePK provides an abstracted programmatic interface to many of the same capabilities as CLI.

Q: Is onePK a replacement for EEM?
A: No.  While both can be used for network automation, EEM (Embedded Event Manager) and onePK enable different sets of users and use cases.  EEM provides an on-box scripting environment (using TCL or CLI) that can be triggered from a rich set of internal events. Network operators and administrators have long used EEM to automate tasks related to provisioning, monitoring and maintenance.  The onePK SDK provides programming interfaces (C, Java, and Python) that gives application developers direct access to information and functionality inside the network operating system.  The onePK applications can be run in a variety of environments (on or off-box) and it can even leverage EEM to extend its programmatic capabilities.

 Q: How is the SDK organized?
Functionality is broken down into "Service Sets" which group API calls into similar functions. The following graphic shows how the service sets can be used.

Service sets image

Return to Top

Site Feedback

Q: How can I send feedback on the onePK Developer Center site?
A: Please send any feedback to onepk-site-feedback@cisco.com.

Return to Top