#CiscoLive
Journey to Hosting Containers on Meraki with ThousandEyes
BRKAPP-2727
Tyler Duzan, Sr. Product Manager, ThousandEyes
Taylor Byrnes, Software Engineering Technical Leader - Meraki
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda
- Introduction
- The Meraki App Platform
- Building the Agent Container
- Demo
- Q&A

Delivered by Meraki building blocks
MX security and SD-WAN appliances
Highlights across models:
- Up to 4 WAN ports
- 3G/4G/LTE USB as single-WAN or failover
- Models with embedded LTE modem
- High availability mode and automatic WAN failover
- Additional Ethernet ports with PoE/PoE+ options
- Virtual appliances for hybrid cloud

Network Requirements
SMALL BRANCH
- MX67/68: Up to 50 users, 600 Mbps FW throughput, Wi-Fi & PoE
- MX67C/68CW: Up to 50 users, 600 Mbps FW throughput, Wi-Fi & PoE, CAT 6 LTE modem
- MX75: Up to 250 users, 1 Gbps FW throughput, WAN PoE
MEDIUM TO LARGE BRANCH
- MX85: Up to 250 users, 1 Gbps FW throughput
- MX95: Up to 500 users, 2 Gbps FW throughput
- MX105: Up to 750 users, 3 Gbps FW throughput
CAMPUS/LARGE ENTERPRISE
- MX250: Up to 2,000 users, 4 Gbps FW throughput
- MX450: Up to 10,000 users, 6 Gbps FW throughput

See, understand, and improve digital experiences everywhere

What is an Enterprise Agent?
- Software agents actively monitoring the network
- Designed to run on many different platforms with minimal requirements
- Deployed within your enterprise network
[Diagram labels: Hosting/SaaS Provider; Internet; Enterprise Agent (Branch); Enterprise Agent (Data Center); ERP, CRM or Email]

Benefits of ThousandEyes with Meraki - USE CASES
Fast Scalable SaaS App Monitoring
- Continuously monitor
- Reduce Adverse Impact
- Reduce operation workstreams with Meraki Dashboard
- Instantly activate at Scale
- Provide visibility to SaaS apps at regular intervals to give IT admins more validity of the issue in addition to real time user traffic with app health
- Proactive monitoring to reduce impact and helps communicate up and across.
- Across SD-Branch Cloud Platform

The Meraki App Platform

A Disclaimer
This session is:
- A peek behind the curtain at how Meraki delivers our new integration with ThousandEyes
- A deep dive into a number of technical details that customers don't interact with
- To satisfy your curiosity
This session is not:
- Something customers need to understand to deploy ThousandEyes on MX
- The launch of a general-purpose app hosting platform

Why an app platform?
- Meraki firmware upgrades require a device reboot
- ThousandEyes releases Enterprise Agent updates on a two-week cycle
- Containers provide isolation and resource limiting to assure stability

The MX Today
1. Customer changes a setting on Meraki Dashboard
2. Meraki Cloud generates a new config file
3. Meraki MX implements the new configuration
[Diagram labels: Meraki Cloud; Customer; Meraki MX]

The MX, with Apps
1. Customer enables an app on Dashboard (i.e. ThousandEyes)
2. Meraki Cloud generates a new config file, which includes which apps to run
3. Meraki MX implements the new configuration, including downloading the specified apps
[Diagram labels: Meraki Cloud; Customer; Meraki MX]

4 Big Questions
1. What is an app?
2. How are apps created?
3. How do apps get configured?
4. How does the MX install and run an app?

What is an App?
Meraki YAML Manifest
- Describe the app's system requirements and configuration
- Limits on RAM, CPU, IO, etc.
- Networking and storage needs
- Linux capabilities required
- Digitally signed, and contains the container image SHA256 hash
Docker/OCI Container Image
- Industry-standard container image format
- Must support both arm64 and amd64 CPUs

Publishing Apps
1. ThousandEyes builds a Docker/OCI container image, and writes a YAML manifest
2. The app is uploaded to Meraki
3. Meraki reviews the app, and if approved signs it for release
[Diagram labels: Meraki Cloud; App Developer; Review & Signing]

Configuring Apps
1. Install is clicked on Dashboard
2. Meraki cloud interfaces to ThousandEyes cloud, and generates an app config
   - Creates the ThousandEyes agent
   - Config includes the agent's identity
   - This replaces agent self-registration
3. App config is included in the Meraki config file
[Diagram labels: Meraki Cloud; Customer; Meraki MX; Partner Cloud]

Installing & Running Apps
[Diagram: on the MX, Meraki Brain, Meraki MAPd, Meraki Signed Object Fetch, Meraki CD and RedHat crun (OCI Runtime); outside it, Dashboard, Object Storage and Container Registry; flow steps numbered 1 to 10]

Installing & Running Apps, Part 1: Config Downloading
1. Meraki Dashboard delivers a new config file, containing:
   - Which apps to run
   - Provisioning information for all apps
2. Brain forwards the Meraki App Platform section to MAPd
[Diagram labels: Dashboard; Meraki Brain; steps 1-2]

Installing & Running Apps, Part 2: Meraki App Platform Daemon (MAPd)
- MAPd drives system state
- Compares current state to desired state, and causes state transitions
- RPC interfaces to SOF and CD
- SOF responsible for downloading Meraki YAML Manifest files, and verifying signatures
- CD downloads and unpacks container images
- Makes provisioning information available to apps
[Diagram labels: Meraki MAPd; Meraki Signed Object Fetch; Object Storage; steps 2-7]

Installing & Running Apps, Part 3: Meraki Micro Container Daemon (CD)
1. Downloads and unpacks container images
2. Generates OCI Runtime configuration file
- Ultra-low resource equivalent to Docker containerd or CNCF CRI-O
- Driven by RPC from MAPd
[Diagram labels: Meraki CD; Container Registry; steps 7-10]

Installing & Running Apps, Part 4: OCI Runtime
- Executes an OCI Filesystem Bundle (created by CD)
- Performs the low-level operations that create a container (e.g. Linux namespace creation)
- Meraki App Platform uses RedHat's crun, but compatible with any compliant OCI Runtime
[Diagram labels: RedHat crun (OCI Runtime); step 10]

Bringing Meraki Magic to Apps
- Automatic HA failover
- Pre-configuration of apps before hardware setup
- Seamless hardware swaps and upgrades
- SaaS-like vendor-managed app updates

HA Failover
- App + config is delivered to both primary and secondary MX
- MAPd continuously monitors VRRP state and starts/stops apps as required
- Single agent identity is automatically transferred
[Diagram labels: Meraki Cloud; Meraki MX Primary; Meraki MX Secondary; VRRP]

Pre-Deployment Configuration
- ThousandEyes can be enabled, and the agent created, before the MX is online
- Meraki Cloud stores the app configuration, and provides it to the MX on first boot
- Allows pre-deployment configuration of tests
[Diagram labels: Meraki Cloud; Customer; Offline Meraki MX; Partner Cloud]

Seamless Hardware Replacement
- App config is automatically transferred on MX replacement
- Meraki cloud is the authoritative source of all app configuration
- Data is never linked to specific hardware, only to the network
- ThousandEyes agent identity is seamlessly transferred
[Diagram labels: Meraki Cloud; New Meraki MX; Old Meraki MX]

SaaS-like App Updates
- After app version approval by Meraki, individual agent updates are initiated by ThousandEyes
- Follows standard ThousandEyes progressive release process
- Not the typical self-updating ThousandEyes agent model
- Apps are sandboxed during execution to ensure MX stability
[Diagram labels: Meraki Cloud; Meraki MX; Partner Cloud]

The Meraki App Platform significantly simplifies deployment of Cisco software at the network edge

Building the Agent Container

Constraints & Requirements
- We needed to support devices which only have 4GB of physical memory
- Our agent container must fit within less than 100MB on disk
- We must support both ARM64 and X86 architectures
- We need to run on a read-only filesystem
- The Enterprise Agent cannot self-register to our platform
- We cannot exceed 400MB of memory utilization during runtime, including tmpfs

Why Switch to Alpine?
1. Security Surface Area: Absolute minimum base, only direct dependencies
2. Minimize Disk Footprint: 400MB to 40MB on disk
3. Simplify Support/Maintenance: No significant re-architecture
4. Improved deployment performance: Reduced size increases speed

The ThousandEyes Build Process for Meraki
[Flow diagram with steps numbered 1 to 7; the per-step numbering did not survive extraction]
- Jenkins job builds the agent packages for Alpine Linux
- A second Jenkins job uses Docker buildx to build the container image.
- Upload container image to the Meraki Docker registry and the ThousandEyes Docker registry
- Generate Manifest for the Meraki App Platform
- Sign Manifest with the ThousandEyes key and upload it
- Promote the image to Production by calling a Meraki API which validates the manifest and makes the image available
- Start Rollout: Customer devices get updated to the newest container version

Package-Centric Approach
- All components of the ThousandEyes Enterprise Agent are packaged as APKs for Alpine Linux
- Containers are built by installing packages using a script run during the build process.
- No non-package customization, and the container runs on a read-only filesystem

Simplistic Dockerfile
We use the official images for Alpine Linux
The Dockerfile process:
- Pull in base image
- Set Alpine repository to the TE repository
- Install Alpine packages from Artifactory by running a script
- Register our agent process with runit
- Uses tini as an entry point and directly invokes runit on start

Dealing With Storage Using tmpfs
Things to Note:
- When connectivity is lost, agent caches several hours of test results and ingests them for backfilling when the connection is restored
- The agent logs extensively, requiring the use of log rotation
Key Challenge: Balancing logs and results cache size with memory utilization
Our Solution: We write results to database after each interval, then purge after it's ingested

Dealing With Storage Using tmpfs
- tmpfs ensures our agent can work with a read-only filesystem
- All storage in memory is accounted as part of container memory usage
- MAP sets cgroups rules from our container manifest and enforces memory limits
400MB Container Memory Usage
[Chart segments: 140MB, 105MB, 153MB. Legend, in slide order: for agent database and results cache; for agent logs; reserved for agent process memory (typically 50MB)]

Networking Capabilities Required
- Enterprise Agent uses raw sockets to generate TCP probes
- CAP_NET_RAW is required to run our containers

Demo