Thanks to all who joined us for the November 15 DemoFriday™ featuring Glue Networks and Cisco onePK demo. The demo outlined how Glue Networks uses Cisco onePK to create location-based discovery and security policy management to achieve faster identification and response to tampering, and a streamlined process that dramatically reduces human error.
After the presentation and demo, participants asked their questions for the demo leaders: Kumar Reddy, Cisco’s director of technical marketing, and Hector Salas, solutions architect at Glue Networks. You can read that Q&A below, watch the full presentation, or check out the teaser video and other resources.
Is onePK Cisco’s answer to software-defined networking (SDN)?
Cisco: OnePK is part of our SDN solution called Cisco ONE [Open Network Environment]. It is the device-layer API piece. There are other components in our SDN solution, one being the XNC controller. We also have a series of plug-ins, also often utilizing onePK, which reside on the devices themselves, and we talk different types of northbound protocols, OpenFlow being one of these.
How are my applications hosted?
Cisco: Applications can be hosted in three locations: 1) directly on the device running on the RP within a container, 2) on a separate blade or line card within the devices chassis, or 3) on an end host device connecting to the Network Element from the outside.
How does Glue Networks as a service ensure the security of my Cisco devices?
Glue: Glue Networks uses Role-Based Access Control in a multi-tenant-capable database backed with Radius authentication to ensure proper access to the Gluware interface. On the routers managed by Gluware, Glue Networks blocks standard access via Telnet, SSH, and console access to prevent unauthorized access to WAN infrastructure.
How do I prevent unauthorized applications from accessing onePK?
Cisco: Users/applications coming into onePK are authorized through AAA. Also, the connection itself will need to come over TLS using certificates.
When is onePK available? When is Gluware for Cisco/onePK available?
Glue: Cisco has offered access to the onePK SDK in a limited-release format. Glue Networks has been leveraging this access to build applications into the Gluware tool that are available in our products today.
Via onePK, can I access the VRF and manipulate VRF for VPN?
Cisco: Routes within VRFs can be accessed and manipulated. We do not have a specific VPN service set at this time.
On a Cisco router, e.g., a PE router, can I have some ports facing customers as well as facing the MPLS backbone on a legacy protocol such as BGP or OSPF, including the standard data path and other ports under the control of the controller and application?
Do you have the ability to provision from a higher-order service, such as a virtual call center?
Cisco: OnePK is provided as a set of library calls in multiple languages. If the higher-order service was able to tap into those library calls, then yes, the network elements could be manipulated through the higher-order service. An example of this is interfacing with provisioning tools such as Puppet or Chef.
Glue: Glue offers interfaces based on a RESTful API that can be used to interact with other tools such as SDN controllers in order to provide feedback as well as control functions for the WAN. This allows customers to leverage next-generation tools to provide the best solution for managing their WANs.
Will network administrators need to develop skills such as Python to do their jobs? If so, is there a sandbox for playing with these features?
Cisco: They will not need to develop Python skills to do their jobs. Learning Python will give them another tool in their toolbox, though. This can help with their day-to-day activities and increase their potential to automate routine tasks. As part of the onePK program, a sandbox will be provided containing both sample applications and a network simulator.
Glue: We see that there will be a need for future network engineers to build and develop skill sets around programmatic interfaces based on languages such as Python and Java in order to interact with control-plane tools that manage the WAN.
When is this Python SDK going to be available?
Cisco: End of Q4, calendar year 2013.
Are onePK APIs open and generally available today?
Cisco: The APIs are currently in controlled availability. To request access, go to http://developer.cisco.com/web/onepk/home.
Glue: Glue Networks has leveraged the onePK APIs that are available in limited release from Cisco to bring advanced capabilities to the market. In our testing, we leveraged Cisco hardware to test and validate these capabilities.
Does an application developer need access to Cisco equipment to create, test/debug or validate applications (for example, when developing an ASR 9000 application)?
Cisco: A network simulator is provided based on IOS software. Work is in progress to support other simulated Cisco operating systems.
Why was onePK invented? Do you see a deficiency in OpenFlow?
Cisco: OnePK was invented to allow users to tap into the wealth of information that is available within Cisco devices. This includes information that may not be available through the OpenFlow protocol. An example of such information is events occurring directly on the network element. With onePK, you can get event notifications sent off the device to your onePK applications.
Can your onePK can work with OpenDaylight via the OpenFlow agent that sits on top of onePK?
Cisco: Yes, the OpenFlow agent that was written on top of onePK can interface with OpenDayLight.