IOx Applications Deployment on IE9300 Switch

Introduction to IOx Application Management on IE9300 Switch

The most commonly used IOx applications are Cisco Cyber Vision and iPerf. Cisco Catalyst IE9300 Rugged Series Switches support both LXC and Docker-based applications that utilize ARM64 architecture, offering a range of deployment options. The IE9300 switches are designed to accommodate IPv4 and IPv6 configurations, allowing for flexible network integration.

The IOx application framework provides configuration options for Docker runtime settings and supports configuring multiple guest or Layer 2 interfaces (ranging from 0 to 63) for each application. Each Layer 2 interface can be assigned to a distinct VLAN, enhancing network organization and segmentation.

Guidelines for IOx Applications Deployment

  • Place the application package or tar file in the flash or SD card storage within the IOS partition.

  • Use interface Ap1/0/1 on the IE9300 switch to forward Layer 2 application traffic. Verify that the interface is active and configured as a trunk port.

  • Use interface Ap1/0/1 on the IE9300 switch to configure Layer 2 interfaces and assign a VLAN with an IP address within the same VLAN network. Next, configure gateway interfaces with an SVI or an IP address in the same network.

Limitations for IOx Application Deployment

  • A maximum of three gateway interfaces is permitted per application configuration.

  • Only one default gateway can be configured to support all interfaces.

Resource Profile Options in Cisco IOx Local Manager

  • The Cisco IOx Local Manager provides several resource profiles, such as:

    • tiny

    • exclusive

    • default

    • custom

  • The custom profile allows you to adjust CPU, memory, and disk allocations according to the specific requirements of your IOx application.

Deployment of IOx Application Using the IOS-XE CLI

Figure 1. Example of IOx Deployment with Application


The configuration example here depicts a typical IOx application deployment on a Cisco Catalyst IE9300 Rugged Series Switch. The interface Ap1/0/1 is internally linked to a Linux bridge and set up as a trunk to facilitate multiple IOx applications. The application "Iperf_3" is assigned the IP address 192.168.0.2 on its guest interface, and the default gateway for the network is configured on the Switch Virtual Interface (SVI) for VLAN 10, using the IP address 192.168.0.1.

For an illustration without interface examples, see Connections from IE9300 Switch to IOx Applications in this guide.

Configure IOx Application Using CLI

Before you begin

Verify that you have configured the network for IOx, as described in the Connections from IE9300 Switch to IOx Applications section.

Procedure


Step 1

Enter global configuration mode.

Device# configure terminal

Step 2

Configure an application name and enter application-hosting configuration mode.

Device(config)# app-hosting appid iperf_3

Step 3

Configure AppGigabitEthernet trunk.

Device(config-app-hosting)#app-vnic AppGigabitEthernet trunk

Step 4

Configure a VLAN guest interface. This configuration places Eth0 into VLAN 10.

Device(config-config-app-hosting-trunk)#vlan 10 guest-interface 0

Step 5

Configure a static IP address.

  • IPv4

    Device(config-config-app-hosting-vlan-access-ip)#guest-ipaddress 192.168.0.2 netmask 255.255.255.0

  • IPv6

    Device(config-config-app-hosting-vlan-access-ip)#guest-ipv6address 2001::1 prefix 64

Step 6

Exit sub-interface mode.

Device(config-config-app-hosting-vlan-access-ip)#exit

Step 7

Exit app hosting trunk sub-interface mode.

Device(config-config-app-hosting-trunk)#exit

Step 8

Configure the default gateway for the application. Use the VLAN ID interface of the switch as the gateway.

Device(config-app-hosting)#app-default-gateway 192.168.0.1 guest-interface 0

Note

The system supports up to three gateways.

Step 9

Save the configuration and return to privileged EXEC mode.

Device(config-if)#end


Configure Docker Runtime Options for IOx Applications

Before you begin

  • Set Up Runtime Options: You can configure up to 30 separate lines of Docker runtime options for IOx applications. The system compiles these options into a single string, proceeding from line 1 through line 30. Each string may contain multiple Docker runtime options.

  • Apply Changes to Runtime Options: To apply changes to the runtime options, first stop the application, then deactivate it, reactivate it, and finally restart it. This process guarantees the correct implementation of the new runtime options.

Procedure


Step 1

Enter global configuration mode.

Device# configure terminal

Step 2

Configure an application name and enter application-hosting configuration mode.

Device(config)# app-hosting appid iperf_3

Step 3

Enter application-hosting Docker-configuration mode.

Device(config-app-hosting)#app-resource docker

Step 4

Specify the Docker runtime options.

Device(config-app-hosting-docker)#run-opts 1 "--entrypoint '/bin/sleep 10000'"

Step 5

Exit application-hosting Docker-configuration mode.

Device(config-app-hosting-docker)#exit

Step 6

Save the configuration and return to privileged EXEC mode.

Device(config-if)#end
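Because the run-opts lines are compiled into one string in line-number order, a review has to look at the combined result rather than at each line in isolation. The following Python sketch is an added example, not Cisco code: it rebuilds the effective option string per application from a configuration excerpt and lists the Docker flags that deserve a reviewer's attention. The sample configuration, the single space used to join lines, and the flag list are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample of an app-hosting configuration excerpt. Only run-opts 1
# comes from this guide; run-opts 2 and 3 are hypothetical lines for the audit.
SAMPLE_CONFIG = '''\
app-hosting appid iperf_3
 app-resource docker
  run-opts 3 "--cap-add NET_ADMIN"
  run-opts 1 "--entrypoint '/bin/sleep 10000'"
  run-opts 2 "-v /tmp:/data --restart always"
'''

RUN_OPTS = re.compile(r'^\s*run-opts\s+(\d+)\s+"(.*)"\s*$')
# Standard `docker run` flags a reviewer should look at (not exhaustive).
REVIEW_FLAGS = {"--privileged", "--cap-add", "--device", "--entrypoint",
                "--security-opt", "--pid", "--network", "--net", "-v", "--volume"}

def effective_run_opts(config_text):
    """Return {appid: combined option string}, joined in run-opts line order."""
    apps, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("app-hosting appid "):
            current = line.split()[-1]
            apps[current] = {}
        elif not line.startswith(" "):
            current = None                      # left the app-hosting section
        elif current and (m := RUN_OPTS.match(line)):
            number = int(m.group(1))
            if not 1 <= number <= 30:           # the guide allows lines 1 to 30
                raise ValueError(f"run-opts line {number} outside 1-30")
            apps[current][number] = m.group(2)
    return {app: " ".join(text for _, text in sorted(lines.items()))
            for app, lines in apps.items()}

def flagged_options(option_string):
    """Return the sorted review-worthy flags present in the combined string."""
    found = set()
    for token in shlex.split(option_string):
        flag = token.split("=", 1)[0]           # handle --flag=value forms
        if flag in REVIEW_FLAGS:
            found.add(flag)
    return sorted(found)

if __name__ == "__main__":
    for app, opts in effective_run_opts(SAMPLE_CONFIG).items():
        print(app, "->", opts, "| review:", flagged_options(opts))
```

Compare the combined string with the "Run options in use" field of show app-hosting detail after the application has been reactivated.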


Configure Application Resource Profiles for Application Hosting

Before you begin

  • Activate application hosting before making resource changes.

  • Check the memory and storage using the show app-hosting resource command.

Procedure


Step 1

Enter global configuration mode.

Device# configure terminal

Step 2

Configure an application name to enter application-hosting configuration mode.

Device(config)# app-hosting appid iperf_3

Step 3

Configure the custom application resource profile.

Device(config-app-hosting)#app-resource profile custom

Note

The system supports only the custom profile name.

Step 4

Configure the CPU resources.

Device(config-app-resource-profile-custom)#cpu 500

Step 5

Allocate memory for the application in megabytes.

Device(config-app-resource-profile-custom)#memory 256

Step 6

Assign persistent disk space for the application, in megabytes.

Device(config-app-resource-profile-custom)#persist-disk 256

Step 7

Save the configuration and return to privileged EXEC mode.

Device(config-if)#end


Install, Activate, and Start the IOx Application on the Switch

Before you begin

Verify that you have configured the network and the IOx application, as described in the Configure the Network for IOx Applications section.

Procedure


Step 1

Install the application and move it into the deployed state.

Device#app-hosting install appid iperf_3 package flash:iperf_3_eft_dockerimage_aarch.tar
Installing package 'flash:iperf_3_eft_dockerimage_aarch.tar' for 'iperf_3'. Use 'show app-hosting list' for progress

Note

During installation, the application's signature is verified if signature verification is enabled, as described in the Cisco IOx Application Signature Verification and Automatic Activation section.

Step 2

(Optional) Enter this show command to check the state of the IOx application.

switch #show app-hosting list
App id                                   State
---------------------------------------------------------
iperf_3                                  DEPLOYED

Step 3

Allocate resources and activate the application.

Device# app-hosting activate appid iperf_3                         
Current state is: ACTIVATED

Step 4

Start the IOx application.

Device# app-hosting start appid iperf_3   
iperf_3 started successfully
Current state is: RUNNING

Cisco IOx Application Signature Verification and Automatic Activation

The IOx infrastructure verifies the signature of a Cisco IOx application during its installation. The application package signature ensures the validity of the package and confirms that the application installed on the device comes from a trusted source.

Conditions for Signature Verification

IOx infrastructure checks for a signature under these circumstances:

  • Signature verification is enabled.

  • The IOx infrastructure uses bootflash as storage. In this case, it checks for a signature regardless of the signature verification status.

  • The application utilizes a restricted resource, such as secure storage.

If signature verification is enabled, and the application lacks a signature, the system prevents the application from running.

Conditions to Run Unsigned Non-Cisco Applications

The system does not permit non-Cisco applications to operate without enabling signature verification. However, the system permits unsigned non-Cisco applications to run if:

  • signature verification is disabled.

  • the application uses an SD card for storage, or

  • the application is not using a restricted resource.

Automated Activation and Startup of Applications with the Start Keyword

The system provides a start keyword option under the application-hosting configuration. When this start keyword is used, the IOx infrastructure automatically activates and starts the application after installation. If the start keyword is not used, manual activation and startup are required using the activate and start commands.

Signature Verification Management and Status Check

Procedure


Step 1

To enable signature verification, use this command.

Device#app-hosting verification enable

Step 2

(Optional) To disable signature verification, use this command.

Device#app-hosting verification disable

Step 3

(Optional) To check whether signature verification is enabled or disabled, use this command.

Device# show app-hosting infra
IOX version: 2.7.0.0
App signature verification: disabled
Internal working directory: /mnt/usb0/iox
Application Interface Mapping
AppGigabitEthernet Port #  Interface Name           Port Type           Bandwidth
1                          AppGigabitEthernet1/0/1  KR Port - Internal  1G
CPU:
  Quota: 33(Percentage)
  Available: 26(Percentage)
  Quota: 1000(Units)
  Available: 800(Units)

Note

You can enable or disable signature verification at any time, regardless of the state of any installed application.
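The conditions for signature verification and the show app-hosting infra status check can be combined into a simple audit. The following Python sketch is an added example, not Cisco code: it reads the verification state from the command output and reports which unsigned packages in an inventory would not be subject to a signature check. It assumes that any one of the three listed conditions is enough to trigger the check; the inventory format, the storage labels, and the application "sensor_app" are hypothetical.

```python
import re

# `show app-hosting infra` output as printed in this guide, trimmed to the
# fields used here.
INFRA_OUTPUT = '''\
IOX version: 2.7.0.0
App signature verification: disabled
Internal working directory: /mnt/usb0/iox
CPU:
'''

def parse_infra(text):
    """Extract 'key: value' fields; section headers such as 'CPU:' are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+):\s*(.*)$", line)
        if m and m.group(2):
            fields.setdefault(m.group(1).strip(), m.group(2).strip())
    return fields

def check_reasons(infra, storage, uses_restricted_resource):
    """Return which of the three listed conditions trigger a signature check.
    `storage` is an operator-supplied label: 'bootflash' or 'sdcard'."""
    reasons = []
    if infra.get("App signature verification", "").lower() == "enabled":
        reasons.append("verification enabled")
    if storage == "bootflash":
        reasons.append("bootflash storage")
    if uses_restricted_resource:
        reasons.append("restricted resource")
    return reasons

def audit(infra_text, apps):
    """apps: list of dicts with appid, signed, storage, restricted keys."""
    infra = parse_infra(infra_text)
    findings = []
    for app in apps:
        if app["signed"]:
            continue                      # signed packages pass either way
        reasons = check_reasons(infra, app["storage"], app["restricted"])
        if reasons:
            findings.append((app["appid"], "signature check applies: " + ", ".join(reasons)))
        else:
            findings.append((app["appid"], "unsigned and not subject to a signature check"))
    return findings

if __name__ == "__main__":
    inventory = [  # constructed inventory
        {"appid": "iperf_3", "signed": False, "storage": "sdcard", "restricted": False},
        {"appid": "sensor_app", "signed": False, "storage": "bootflash", "restricted": True},
    ]
    for appid, finding in audit(INFRA_OUTPUT, inventory):
        print(f"{appid}: {finding}")
```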


Display Maximum Resource Allocation for Application

To display the maximum resources allocated to an application in the switch, use this command:

Device# show app-hosting resource
CPU:
  Quota: 33(Percentage) 
  Available: 0(Percentage)
VCPU:
  Count: 2
Memory:
  Quota: 862(MB)
  Available: 0(MB)
Storage space:
  Total: 3668(MB)
  Available: 2849(MB)

Resources Available in the Switch After IOx Application Configuration

To view the resources remaining in the switch after IOx application configuration, use this command:

Device# show app-hosting infra
IOX version: 2.7.0.0
App signature verification: disabled
Internal working directory: /mnt/usb0/iox
Application Interface Mapping
AppGigabitEthernet Port #  Interface Name           Port Type           Bandwidth
1                          AppGigabitEthernet1/0/1  KR Port - Internal  1G
CPU:
  Quota: 33(Percentage) 
  Available: 0(Percentage)
  Quota: 1000(Units)
  Available: 0(Units)

Display Application Information in the Switch

To display detailed application-related information in the switch, use this command:

Device# show app-hosting detail appid iperf_3
App id                 : iperf_3
Owner                  : iox
State                  : RUNNING
Application
  Type                 : docker
  Name                 : networkstatic/iperf_3
  Version              : latest
  Description          : 
  Author               : Brent Salisbury <brent.salisbury@gmail.com>
  Path                 : bootflash:iperf_3x86.tar
  URL Path             : 
Activated profile name : custom
Resource reservation
  Memory               : 500 MB
  Disk                 : 500 MB
  CPU                  : 173 units
  CPU-percent          : 5 %
  VCPU                 : 1
Platform resource profiles
  Profile Name                  CPU(unit)  Memory(MB)  Disk(MB)
  --------------------------------------------------------------
Attached devices
  Type              Name               Alias
  ---------------------------------------------
  serial/shell     iox_console_shell   serial0
  serial/aux       iox_console_aux     serial1
  serial/syslog    iox_syslog          serial2
  serial/trace     iox_trace           serial3
Network interfaces
   ---------------------------------------
eth0:
   MAC address         : 52:54:dd:67:81:6f
   IPv6 address        : ::
   Network name        : mgmt-bridge300
eth3:
   MAC address         : 52:54:dd:b2:4d:86
   IPv4 address        : 20.1.2.2
   IPv6 address        : ::
   Network name        : VPG0
eth1:
   MAC address         : 52:54:dd:f2:29:67
   IPv4 address        : 10.1.1.2
   IPv6 address        : 2001:1::5054:ddff:fef2:2967
   Network name        : mgmt-bridge-v2340
Docker
------
Run-time information
  Command              : 
  Entry-point          : /bin/sleep 10000
  Run options in use   : --entrypoint '/bin/sleep 10000'
  Package run options  : 
Application health information
  Status               : 0
  Last probe error     : 
  Last probe output    : 

Stop, Deactivate, and Uninstall IOx Application on the Switch

Procedure


Step 1

To stop the IOx application, use this command.

Device# app-hosting stop appid iperf_3
iperf_3 stopped successfully
Current state is: STOPPED

Step 2

To deactivate the IOx application, use this command.

Device# app-hosting deactivate appid iperf_3
iperf_3 deactivated successfully
Current state is: DEPLOYED

Step 3

To uninstall the IOx application, use this command.

Device# app-hosting uninstall appid iperf_3
Uninstalling 'iperf_3'. Use 'show app-hosting list' for progress.

Display App-Hosting Commands

To display the list of subcommands for the app-hosting command, use this command:

Device# app-hosting ?
  activate      Application activate                                 <== to activate app
  clear         Clear console/aux connection                         <== to clear console or aux session if connected
  connect       Application connect                                  <== to connect the app console or aux or session once in run state
  data          Application data                                     <== to upload files to the apps
  deactivate    Application deactivate                               <== to deactivate an app
  debug         debug                                                <== for caf related debug commands
  install       Application install                                  <== to install app
  move          Move File                                            <== to move trace or core file
  settings      Application settings                                 <== to configure app specific setting using file
  start         Application start                                    <== to start an app
  stop          Application stop                                     <== to stop an app
  uninstall     Application uninstall                                <== to uninstall an app
  upgrade       Application upgrade                                  <== to upgrade app to new version
  verification  Application signature verification setting (global)  <== to enable/disable the sign verification

Deploy an IOx Application using Cisco IOx Local Manager

Cisco IOx Local Manager offers a web-based interface for managing, administering, monitoring, and troubleshooting applications on a host system, and for performing various related activities.

You can access Cisco IOx Local Manager from the Cisco Catalyst IE9300 Rugged Series Switch web-based UI and use Cisco IOx Local Manager to deploy applications.

Access the Cisco IOx Local Manager Application

  • Log in to the Cisco Catalyst IE9300 Rugged Series Switch web-based UI.

  • Navigate to Configuration > IOx. The IOx option is located under the Services section.

  • In the Cisco IOx Local Manager, enter your Cisco IOS username and password.

  • Click Log In to proceed.

See the Cisco IOx Local Manager Reference Guide for more information.