Application Hosting in NX-OS Guest Shell

In addition to the NX-OS CLI and bash access on the underlying Linux environment, the Cisco Nexus 3000/9000 Series devices support access to a decoupled execution space running within a Linux Container (LXC) called the "Guest Shell". This Guest Shell is based on CentOS 7, and can be managed using traditional linux commands.

From within the Guest Shell the network-admin has the following capabilities:

  • Access to the network.
  • Access to Cisco Nexus bootflash.
  • Access to Cisco Nexus CLI.
  • The ability to install and run python scripts.
  • The ability to install and run 64-bit Linux applications.

Installing RPMs in Guest Shell

By default, the Yum RPM package manager is included in the Guest Shell for the installation of software packages. Yum is pointed to the yocto repository.

Firstly enable the Guest Shell

Enable the Guest Shell and gain su permissions

switch# guestshell
[guestshell@guestshell ~]$ sudo su
[root@guestshell admin]#

Installing an RPM

We are now going to install Iperf monitoring and latency tool within the Guest Shell. First we must install the "epel" repository.

[root@guestshell admin]# chvrf management yum install epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.gigenet.com
 * extras: mirrors.lga7.us.voxel.net
 * updates: mirror.5ninesolutions.com
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-9 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================
 Package                  Arch               Version            Repository          Size
=========================================================================================
Installing:
 epel-release             noarch             7-9                extras              14 k

Transaction Summary
=========================================================================================
Install  1 Package

Total download size: 14 k
Installed size: 24 k
Is this ok [y/d/N]: y
Downloading packages:
epel-release-7-9.noarch.rpm                                       |  14 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Installing : epel-release-7-9.noarch                                               1/1 
  Verifying  : epel-release-7-9.noarch                                               1/1 

Installed:
  epel-release.noarch 0:7-9                                                              

Complete!

# Now install iperf
[root@guestshell admin]# chvrf management yum install iperf
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.eboundhost.com
 * epel: mirror.unl.edu
 * extras: mirrors.maine.edu
 * updates: mirrors.umflint.edu
Resolving Dependencies
--> Running transaction check
---> Package iperf.x86_64 0:2.0.8-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package         Arch             Version                  Repository      Size
================================================================================
Installing:
 iperf           x86_64           2.0.8-1.el7              epel           321 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 321 k
Installed size: 396 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
iperf-2.0.8-1.el7.x86_64.rpm                               | 321 kB   00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : iperf-2.0.8-1.el7.x86_64                                     1/1
  Verifying  : iperf-2.0.8-1.el7.x86_64                                     1/1

Installed:
  iperf.x86_64 0:2.0.8-1.el7

Complete!
[root@guestshell admin]#

Running an Application in the Guest Shell

In this example, we are going to check the latency across the network using Iperf we was just installed above.

[root@guestshell admin]# iperf -c 35.35.35.1
Connecting to host 35.35.35.1, port 5201
[  4] local 35.35.35.36 port 29300 connected to 35.35.35.1 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec   325 KBytes  2.66 Mbits/sec    0   58.0 KBytes
[  4]   1.00-2.00   sec   291 KBytes  2.39 Mbits/sec    0   70.7 KBytes
[  4]   2.00-3.00   sec   307 KBytes  2.51 Mbits/sec    0   86.3 KBytes

In addition to having the ability to install RPMs to test network latency and throughput, agents for configuration management, such as Puppet or Chef, can be installed, aloowing easy integration into your automation framework.

Also, RPMs are available to install monitoring agents such as Splunk or Tcollector, allowing you to easily integrate with you monitoring toolchain.

Conclusion

This is just a sample of the potential usecases that can be leveraged through Guest Shell. Custom scripting can be run on box, integatraion with git for configuration backup are just some other use cases.

I hope that this has provided some insight into the capabilities of Guest Shell on NX-OS and how you can leverage it to interact with the Nexus platform

To learn more about Guest Shell, check out About the Guest Shell on CCO.