Application Capabilities

This page describes ISR4K/ASR1K platform specific capabilities that are available to IOx application.

Application Types supported

ISR4K/ASR1K platforms support LXC and KVM type applications.

However, there are some exceptions for docker type support are discussed in the following section.

Docker Type Support Exceptions

For 16.8 and 16.9, due to the host-os lack of support for multi-layering, Enterprise "docker" type apps are "not" supported. Please use the LXC type work-flow instead.

Planned for 16.10, Polaris XE-linux support of multi-layering via OverlayFS will enable "docker" type application support Additionally, to console access an IOx docker app, which does not support a "getty" serial driver attached to t tyS0/S1 devices, the console "session" option is supported for non-authenticated connections to the docker app as shown below.

iox-4321-02#app-hosting connect appid perfsonar session
sh-4.2# ps
  PID TTY          TIME CMD
22292 pts/0    00:00:00 sh
22294 pts/0    00:00:00 ps
sh-4.2#

Refer to Docker Applications for more details on building a Docker Type application.

Application resource limit

Platform Memory (MB) Max VMs vCPUs CPU Units HDD Storage (GB)
ISR4321 512-10240 2-4 2-6 20
ASR1001-X 512-4096 2-4 1 10-20

ioxclient Configuration

The initial default "ioxclient" default profile, which is created at the users home directory, needs to be initialized as follows.

In general, the configuration values are customer specific, except for the following parameters:

  • Your IOx platform's port number[8443] : 443
  • Local repository path on IOx platform[/software/downloads]:
  • API Prefix[/iox/api/v2/hosting/]:
  • Your IOx platform's SSH Port[2222]: 22

Example:

~$ ioxclient
Config file not found :  /home/USERID/.ioxclientcfg.yaml
Creating one time configuration..
Your / your organization's name : cisco
Your / your organization's URL : www.cisco.com
Your IOx platform's IP address[127.0.0.1] : 72.163.111.112
Your IOx platform's port number[8443] : 443
Authorized user name[root] : appdev
Password for appdev :
Local repository path on IOx platform[/software/downloads]:
URL Scheme (http/https) [https]: https
API Prefix[/iox/api/v2/hosting/]:
Your IOx platform's SSH Port[2222]: 22
Activating Profile  default

Application Networking

ISR4K/ASR1K platforms support for application networking:

  • Management Interface connections only support Layer2 Bridge mode. Applications are not aware of the IOS Management interface's VRF configuration.
  • VPG (Virtual Port Group) interfaces connections:
    • Layer3 Routed mode
    • NAT (Network Address Translation)
    • ip-unnumbered
  • IPv6 for application network interface is not supported.

Device resources

  • Application accessible storage medium is the same medium used for installation which is an internal HDD.
  • There are four serial ports (stty0-stty3) available for applications as follows:
Serial Port Linux Device (/dev) Function IOS Exec CLI Command
serial0 ttyS0 console connection app-hosting connect appid MYAPP console
serial1 ttyS1 auxillary connection (2nd concurrent app console connection) app-hosting connect appid MYAPP aux
serial2 ttyS2 syslog and IOS console logging show logging
serial3 ttyS3 Trace logfile request platform software trace rotate all

For more details, refer to Section Enterprise App-Hosting Logging Tracing Services

Application Security

ISR4K/ASR1K platforms support application signature verification. App signature validation is disabled by default.

Licensing

ISR4K/ASR1K platforms do not require any special Cisco Smart Licensing to enable App-Hosting.

IOx services

IOx services is by default disabled for ISR4K/ASR1K platforms. The following IOX features require IOS CLI configurations to be saved on the platform.

IOx Enablement

To enable IOX to support any App-Hosting features, the following IOS CLI is required:

iox-4321-02#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
iox-4321-02(config)#iox
iox-4321-02(config)#end
iox-4321-02#

To validate IOX infra is running:

iox-4321-02#sh iox-service
Virtual Service Global State and Virtualization Limits:

Infrastructure version : 1.7
Total virtual services installed : 1
Total virtual services activated : 0

Machine types supported   : KVM, LXC
Machine types disabled    : none

Maximum VCPUs per virtual service : 4
Resource virtualization limits:
Name                         Quota     Committed     Available
--------------------------------------------------------------
system CPU (%)                  33             0            33
memory (MB)                   4096             0          4096
bootflash (MB)                1000             0           272
harddisk (MB)                20000            65         16305
volume-group (MB)           190768           848        169440


IOx Infrastructure Summary:
---------------------------
IOx service (CAF)    : Running
IOx service (HA)     : Not Running
IOx service (IOxman) : Running
Libvirtd             : Running

iox-4321-02#

"IOx service (HA)" state of "Not Running" is expected since ISR4K does not support High Availability (HA).

To proceed with any app-hosting life-cycle commands, you must wait until the IOX infra is ready by using the "show app-hosting list" until the current app-hosting state output is shown.

Example:

iox-4321-02#show app-hosting list
No App found

IOX Interface Configuration Examples

Below are examples of 16.8 IOS CLI App-hosting configuration CLIs. Release 16.9 introduces a different IOS CLI syntax. Refer to the customer documentation on Cisco.com: Programmability Command Reference and Programmability Configuration Guide

Management Interface Configurations

Use these configurations "only" if Management port is used for the Application data port.

Configs requires Management interface and Application interface to be on the same subnet.

For the example configs, shared subnet is 172.26.200.0/24:
Mgmt-if IP:   172.26.200.131    (Public IP)
Application IP: 172.26.200.134  (Public IP)
Gateway IP:   172.26.200.1      (Public or Private IP)
DNS IP:       172.19.198.82

conf t>
!!! Management interface
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 172.26.200.131 255.255.255.0
 negotiation auto
!
!!! IOx App configs for LXC/DOCKER CONTAINER STATIC IP ASSIGNMENT
app-hosting appid preflxc
 vnic management guest-interface 0 guest-ipaddress 172.26.200.134 netmask 255.255.255.0 gateway 172.26.200.1 name-server 172.19.198.82 default

end

Front Data Panel data-port interface configurations

Use these configurations "only" if front data-port is used for the Application data port.

Configs requires data-port interface and Application interface to be on the different, routable "public" subnets. Application eth0 connects to a Virtual Port Group (VPG) subnet which is routed to a front panel data-port. For 16.8, only L3 routable front-panel data port mode is supported for container connections via VPG. No L2 switching features are supported for the VPG in 16.8.

For the example configs:
Data-Port IP: 201.201.201.1     (Public or Private IP)
VPG IP:     : 30.30.30.1        (Public IP)
Application IP: 30.30.30.10     (Public IP)
Gateway IP:   201.201.201.10    (Public or Private IP)
DNS IP:       172.19.198.82

conf t>
!
interface GigabitEthernet0/0/0
 ip address 201.201.201.1 255.255.255.0
 media-type rj45
 negotiation auto

!
!!! Virtual Port Group (VPG) configs
interface VirtualPortGroup0
 ip address 30.30.30.1 255.255.255.0
 no mop enabled
 no mop sysid
!

!!! IOx App configs for LXC/DOCKER CONTAINER STATIC IP ASSIGNMENT 
app-hosting appid preflxc
 vnic gateway1 virtualportgroup 0 guest-interface 0 guest-ipaddress 30.30.30.10 netmask 255.255.255.0 gateway 30.30.30.1 name-server 172.19.198.82 default

end

IOX App DHCP Support

The above app-hosting Static IP address configurations apply only to LXC or Docker type IOx applications. KVM does not support IOS configuration for Static IPs.

KVM apps IP address assignment can be done either:

  1. OS specific manual configuration of the eth0 interfaces.
  2. Using an application installed DHCP client.

For any IOx application implementing DHCP IP address assignments, the following app-hosting configurations are used.

!!! IOx App configs for for IOX APP DHCP IP ASSIGNMENT
app-hosting appid preflxc
 vnic management guest-interface 0
 vnic gateway1 virtualportgroup 0 guest-interface 0

IOx Application Life-cycle IOS CLI Commands

Below are examples of 16.8 IOS CLI App-hosting Life-cycle CLIs. 16.9 introduces a different IOS CLI syntax. Refer to the customer documentation on Cisco.com: Programmability Command Reference

  • Install and Start App via IOS exec commands which "must" be followed in the given order:

    • app-hosting install appid perflxc package flash:perfsonar-testpoint.v4.0.c1.0.0.tar

    • app-hosting activate appid perflxc

    • app-hosting start appid perflxc

      NOTE: the above commands might take several minutes to complete depending upon various factors:

      • Speed of the USB Flash Disk

      • Switch/Router activity load

      • Boot-up time of the application

  • Check Application Status

    • show app-hosting list
      • This command shows the application operational state.

  • Check Application Resources

    • show app-hosting detail appid <APPID-NAME>
      • This command shows the resources allocated to the given appid. The app perflxc LXC resources such as system memory, vcpus, cpu resources, etc are shown below.

Example of Life-cycle command for a PerfSonar LXC app

AppHosting#app-hosting install appid perflxc package flash:perfsonar-testpoint.v4.0.c1.0.0.tar
perflxc installed successfully
Current state is: DEPLOYED

AppHosting#app-hosting activate appid perflxc
perflxc activated successfully
Current state is: ACTIVATED

AppHosting#app-hosting start appid perflxc
perflxc started successfully
Current state is: RUNNING


AppHosting#show app-hosting list
App id                           State
------------------------------------------------------
perflxc                          RUNNING


AppHosting#show app-hosting detail appid perflxc
State                  : RUNNING
Author                 : Cisco
Application
  Type                 : lxc
  App id               : perflxc
  Name                 : perfsonar-lxc
  Version              : 1.0.0
Activated profile name : custom
  Description          : PerfSONAR 4.0 Cisco IOx LXC
Resource reservation
  Memory               : 2048 MB
  Disk                 : 10 MB
  CPU                  : 7400 units
  VCPU                 : 2
Attached devices
  Type              Name        Alias
  ---------------------------------------------
  Serial/shell
  Serial/aux
  Serial/Syslog                 serial2
  Serial/Trace                  serial3

Network interfaces
   ---------------------------------------
eth0:
   MAC address         : 52:54:dd:be:a5:7f
   IPv4 address        : 172.19.198.83
  • To Connect to IOx PerfSonar console: (login/password: root/cisco)
> app-hosting connect appid perflxc console

NOTE: to exit Perfsonar's console mode, use "^c^c^c".

Output Example:

CAT9K#app-hosting connect appid perflxc console
Connected to appliance. Exit using ^c^c^c

CentOS Linux 7 (Core)
Kernel 4.4.86 on an x86_64

CAT9K_1_RP_0 login: root
Password: cisco
Last login: Tue Oct 31 23:29:44 on ttyS0
[root@CAT9K_1_RP_0 ~]#
  • To Delete a Running App, the following sequence order must be followed:
    • app-hosting stop appid
      • App in "shutdown" state, but cpu/memory/disk resources still allocated and rootfs files and changes remain persistent
    • app-hosting deactivate appid
      • App removed with cpu/memory/disk resources all released, but rootfs files and changes remain persistent
    • app-hosting uninstall appid
      • App completely removed from IOx and all rootfs files and changes are lost