1 of 100

ONES-2.0

ONES GA v2.0

Open Networking Enterprise Suite (ONES)

Introduction and Overview

Open Networking Enterprise Suite (ONES) is a Network Orchestration, Visibility, and Assurance solution for multi-vendor and multi-NOS operated Network Infrastructure. ONES provides a one-stop solution from delivering deep visibility into your datacenter networks to extending 24x7 support functions for SONiC. It also hosts a powerful analytics engine that assists users to identify network issues and troubleshoot their networks, in case of common network anomalies and disruptions.

ONES uses Auto-discovery for SONiC devices and a YAML or CSV-based template for adding non-SONiC devices during the onboarding process and continuously collects streaming telemetry data from them to provide insights on;

Data Center Inventory
Network State
Platform and System Health
Control and Data Plane resource Utilisation
Traffic Utilisation
Software Compliance

ONES monitors various control and data plane metrics to provide these insights.

Rule Engine

ONESv2.0 application has the capability to trigger notifications via Slack app notifications when certain user-defined threshold values are breached.

In data centre operations, a rule engine with alerts for various metrics is essential for proactive monitoring and management of critical components and services. Rule Engine pushes the configured rule notification in case any device breaches the threshold value configured under the rule to SLACK Channel & Zendesk Support page.

Let's see the different types of rule engine alerts for specific metrics in a data centre environment

CPU and Memory Utilisation
Fan and PSU LED status
Traffic Bandwidth
ASIC Routes
Health Services
Traffic Errors and Discard Counters

Rule Engine Alerts

List rule-wise alerts (with Last seen, First Seen)
Option to filter Device level, Interface level alerts
Option to delete or Archive Alerts
Zendesk Ticket ID amped to the alert and URL link to the relevant time series graph

ONES Orchestration

ONES orchestration provide network admins to automate the fabric configuration using configuration templates for provisioning physical interfaces, layer 3 configuration for building IP-CLOS fabric using

BGP as a routing protocol including BGP-unnumbered
Symmetric/Asymmetric IRB
BGP Peering with PO
L2/L3 MC-LAG
EVPN MultiHoming
Layer2 Leaf-Spine (L2/L3 Mode)
Leaf only Deployment
BGP Peering over MC-LAG PeerLink
BGP Peering using separate Link between MC-LAG Peers
SFLOW
DHCP Relay
SAG / SVI
NTP, SNMP, SYSLOG
Incremental Config update for L2VNI/L3VNI
Enhanced backup and restore options via UI
Enhanced API support - configuration replace

ONES orchestration not only configures the fabric but also make sure the Fabric is operational by doing verifying the configuration at every stage.

ONES provides north bound API access for configurations originating from external orchestration tools.

ONES Application

Overview

Below are the primary components of ONES Application

ONES Telemetry Collector(s) for Network Visibility
ONES Rule Engine
ONES Orchestrator for Fabric Configuration
ONES Supportability
ONES Security

ONES Telemetry Collector(s) and Visibility

Overview

ONES Telemetry Collector(s) and Analytics bring truly unparalleled visibility across all your switches running SONiC (both community and vendor distros), regardless of the underlying ASIC. ONES front end (UI), will enable network admins to;

Manage inventory of your network devices running SONiC on Broadcom, Cisco, Marvell, and Nvidia ASICs
View the topology of the entire fabric across multiple hardware platforms, and network operating systems
Monitor traffic, system health, bandwidth utilization, & more

Topology is the new default page for ONES application

This page shows Underlay, Overlay, RoCE telemetry view & other Advance Filtering view
The same Topology page allows a user to connect to the device SSH and Console
Enhanced Traffic Page shares the PFC enabled Interfaces
Protocol page shows new metrics of VXLAN, LACP details and MCLAG information

Track Switch CPU/memory consumption, bandwidth, link failures, traffic errors, and more in real-time
Proactively identify and resolve issues that may lead to network downtime
Instantly connect to individual devices for maintenance and troubleshooting

Inventory Page

Syslog extraction for device, Console access, Add/Remove Non-SONiC devices via YAML or CSV, export or download inventory
Firmware information is added in Device details section

ONESv2.0 offer different licensing modes

ONES-T (Default License mode)
- Telemetry Visibility (Monitor, inventory, analytics)
- Add/remove Non-SONiC devices via YAML or CSV
- Support (Aviz Zendesk)- Ability to open a ticket with inventory dump
- Syslog access, Console/SSH access for device
ONES-NetOps / ONES-ALL
- ONES-T
- Orchestration
- Rule Engine and integrations with Zendesk and Slack for alerts
- Network SLA (API based support)
- ZTP/Custom Image upgrade, backup/restore and reboot of the device

ONES Rule Engine

Overview

In data center operations, a rule engine with alerts for various metrics is essential for proactive monitoring and management of critical components and services. Let's discuss the need for rule engine alerts for specific metrics in a data centre environment

CPU and Memory Utilisation
Fan and PSU LED status
Traffic Bandwidth
ASIC Routes
Health Services
Traffic Errors and Discard Counters

Rule engine alerts ensure efficient resource utilization, timely troubleshooting, early detection of potential issues, and overall operational stability within the data centre environment.

Notification

ONES-App is capable of triggering breached threshold values to

Slack Channel
Zendesk Support ticket

Rules are categorized based on the metric hierarchy

Device Level
Interface Level

List of all the Metrics Supported by Rule Engine with possible units and measured value a user can use

Hierarchy

Metrics

Unit

Measure

Value

Device

CPU Utilization

Percentage (70%)

AVG/MIN/MAX

0/100

Device

Memory Utilization

Percentage (50%)

AVG/MIN/MAX

0/100

Device

Fan LED Status

String (RED or GREEN)

RED

RED/GREEN

Device

PSU Status

String (LED RED or Status=not OK)

RED or NOT OK

Device

CPU Core Temperature

Celscius (30)

AVG/MIN/MAX

Device

PSU Temperature

Celscius (30)

AVG/MIN/MAX

Device

FAN Speed

Percentage (70%)

AVG/MIN/MAX

0/100

Device

ASIC IPv4 Routes Utilization

Percentage (70%)

AVG/MIN/MAX

0/100

Device

ASIC IPv6 Routes Utilization

Percentage (80%)

AVG/MIN/MAX

0/100

Device

BGP Nbrs Operationally Down

Percentage (20%)

AVG/MIN/MAX

0/100

Device

FRR Container CPU Utilization

Percentage (20%)

AVG/MIN/MAX

0/100

Device

Syncd Container CPU Utilization

Percentage (20%)

AVG/MIN/MAX

0/100

Interface

TX Utilization

Percentage (80%)

AVG/MIN/MAX

0/100

Interface

RX Utilization

Percentage (80%)

AVG/MIN/MAX

0/100

Interface

In Errors

Count (100)

AVG/MIN/MAX

User defined

Interface

Out Errors

Count (50)

AVG/MIN/MAX

User defined

Interface

In Discards

Count (100)

AVG/MIN/MAX

User defined

Interface

Out Discards

Count (50)

AVG/MIN/MAX

User defined

Interface

Tranx TX Power

dBm

AVG/MIN/MAX

User defined

Interface

Tranx Rx Power

dBm

AVG/MIN/MAX

User defined

Interface

Tranx Temperature

Celscius (40)

AVG/MIN/MAX

User defined

Interface

Tranx Voltage

Volts (40)

AVG/MIN/MAX

User defined

ONES Orchestration

Why do we need Network Orchestration?

Orchestration refers to tasks or actions required to achieve a set of objectives for your Network Infrastructure operations

A centralized application like ONES translates these objectives into a network configuration template, applies and monitors to validate the operational efficiency and functionality

Automated tasks are performed on your Network Fabric in a purposeful order and each step is verified for success before moving to the next

ONES Orchestration - Overview

ONES Orchestration function, referred to as Fabric Manager (FM), lets you compose, deploy, and validate network configurations across any SONiC, be it a Community version or a Vendor distro.

As part of the initial release, ONES Orchestration supports to

Create and configure CLOS topology for ToR, Leaf, Spine, and Super-Spine layers
Apply and validate configurations pre- and post-deployment
Compare running configs against applied configs at any point
Upgrade devices with a single click via ZTP or custom NOS images
Restore & Backup configuration feature
Yaml-based config for VXLAN, MCLAG, BGP IP CLOS & EVPN(L2VPN), EVPN Multihoming, L3 EVPN Symmetric IRB, L3EVPN symmetric IRB with MCLAG.
Automate Configuration of interfaces, layer 3 interfaces, BGP-unnumbered and Common Services like NTP, SNMP, SYSLOG etc.

ONES Orchestration use cases are configured using a set of pre-defined YAML-based templates on ONES Web User Interface

FMCLI

Fabric Manager CLI

Once the user installs Orchestrator Agent (Fabric Manager Agent) on the device, it enables FMCLI

FMCLI provides a user interface to configure all the open standard protocols and is user-friendly

To use FMCLI, the user can run fmcli command on the device to enter in the configuration mode and can configure the protocols or any other required feature

Example of BGP config using fmcli

admin@fmcli:~$ fmcli
fmcli# configure terminal 
fmcli(config)# router bgp 1001
fmcli(config-router)# neighbor 10.10.10.1 remote-as 100
...
...

Supported FMCLI Features

Zero Touch Provisioning
Image Management
Configuration Management
Interface Management
VLAN's
Spanning Tree Protocol
VXLAN
L2 Forwarding Database
LLDP
LACP
DHCP Relay
IP Management
ARP
PING
Traceroute
Routing
BGP*
NTP
SYSLOG
Platform Details
SFLOW
NAT
Forward Error Correction
BFD
SNMP
VRF
AAA & TACACS
Drop Counters
ERSPAN
IP Based ACL
Prefix-list
EVPN Multihoming
Route-map

ONES Supportability

AVIZ Support Overview

Network Assurance helps the NetOps team validate policy and security compliance checks before making a change in network configuration, an intelligent set of proactive and predictive techniques that validate the Network for readiness without error, conflicts, and disruptions

Aviz Support team is located across four timezones offering 24x7 SONiC and related product support for multi-vendor switches and ASICs. Using our support portal, we offer you to

Collaborate with our SONiC experts to expedite your evaluations
Speed up your SONiC troubleshooting SLAs to as low as 15 minutes regardless of the underlying Switch/ASIC platform
Minimize operational delays by centralizing issues across multiple platforms

Supports Options are available:

Integrated Chat
Submit a Ticket
Send an email to support@aviznetworks.com

Refer to the "How to contact Aviz Networks Support?" section of this document for more details

ONES Supportability

To connect with customer support users can choose the support option available on ONES-UI

ONES Security

ONES is a support application for SONiC stack. It is designed for customer's engineering team such as SRE’s, HW and SW engineering teams for their daily network diagnosis and troubleshooting needs. In addition to that ONES exposes the API to integrate with external tools or customer homegrown applications.

This section describes how ONES authenticates users and secures communication.

Features

ONES Support

Role Based Access

ONES provide RBAC support for creating dedicated user accounts. it has a superadmin account which can manage these user accounts for control and permissions

Secure Access to Application

ONES Application provides HTTPS over standard port 443 supporting both self-signed and CA-signed certificates

Secure Access to switches

Auto-discovery communication between Agent and collector using a secure channel(SSL/TLS) with certificates (self-signed and CA-signed certificates

API Access

ONES Application provides HTTPS over standard port 443 supporting both self-signed and CA-signed certificates, the API is available via time-bound authentication tokens.

RBAC: Role-Based Access Control

Click to get more details on RBAC

Secure Access to the Application

ONES application provides HTTPs over standard port 443 supporting both self-signed and CA signed certificates.

HTTPS Support CA Signed
HTTPS Self Signed

Secure Access to the switch*

ONES utilizes gRPC infrastructure to communicate with switch agents. TLS (Transport Layer Security) is the primary security protocol used by gRPC to secure communication between the client and the server. TLS provides authentication, confidentiality, and integrity of data. Authentication is achieved using digital certificates, which verify the identity of the client and the server.

With an added extra layer of security, ONESv2.0 support Certificate based communication between switches and ONES Controller, and all the metrics will be streamed using the certificate-based encryption

What's new?

ONES UI

New Topology Page that shows more information
Console Access to Device on Topology Page

ONES Telemetry

VXLAN Monitoring
MCLAG Monitoring
LACP Monitoring
RoCE traffic visibility

ONES Orchestration

BGP Peering over Port channels
L3 MC-LAG
Layer2 Leaf-Spine (L2/L3 Mode)
Leaf only Deployment
BGP Peering over MC-LAG PeerLink
BGP Peering using separate Link between MC-LAG Peers
Incremental Config update for L2VNI/L2VNI
EVPN Multihoming Enhancement
Backup & Restore Device Configs Enhancement
Fabric Manager API + SDK to Support Day2 Operations Enhancement

Rule Engine

Push Notification if any threshold value exceed
- Slack Channel
- Zendesk Ticket
Alerts
Provision to setup device
Entry level rules

Agent streaming stopped containers with Memory and CPU utilisation as Zero
Rule engine alert time is in GMT and need in IST
Overlay Topology Enhancement with MCLAG deployment
Observed initial delay in streaming Unicast queue counters and drops packets

Getting Started

Supported Switch Platforms and NOS

Supported Matrix

NOS

ASIC

Switches

Community SONiC

NVIDIA, Broadcom

SN2010, SN4700, SN 2700, SN2100, SN3700, DellEMC-S5212f-P-25G

SONiC Distros

Broadcom

EC9716, EC4630, EC7326, RA-B6510-48V8C(Ragile Networks), CELESTICA-BELGITE

Cumulus*

NVIDIA

SN2010, SN4700, SN 2700, SN2100, SN3700

Arista*

Broadcom

DCS-7010T-48

Cumulus & Arista platforms are considered by ONES as Agent-less and supports metrics available using NVUE and eOS APIs

Agent-based vs Agent-less

SONiC-based switches require ONES Agents (Agent-based) to be installed on the switch being monitored, as a pre-requisite for ONES Telemetry and orchestrator-based functions to work.

ONES Telemetry Agent
ONES Orchestrator Agent

ONES does not support Orchestrator-based functions on Proprietary NOS (non-SONiC).

Agent requirements

SSH access
SONiC versions beyond 202012 or 202111 are supported
Only x86 intel-based architectures are supported

Scalability

ONES Function

Device/Switch Count

Telemetry for Visibility

1024

Orchestration

1024

Subscription

ONES provides the following subscriptions to manage and monitor the devices.

Subscription Type

Details

Support up to 32 devices

Support up to 64 devices

128

Support up to 128 devices

256

Support up to 256 devices

512

Support up to 512 devices

1024

Support up to 1024 devices

Free(30 Days Trial)

Support up to 8 devices

Download ONES

ONES Installation

Installation Pre-requisites

Installation Overview

ONES Installation follows the below steps in the order sequence of:

License Readiness
Preparing and Installing ONES Application machine
Installing ONES Agents on SONiC Switches for Orchestrator and Telemetry
Enabling OpenConfig on non-SONiC Switches for Telemetry

License Readiness

The installer allows a default capability for managing 8 devices without a license. Beyond this, the following license key is required for proceeding with the Installation;

ONES Application License (As per device count)

Trail license support feature

Telemetry Visibility (Monitor, inventory, analytics)
Add/remove Non-SONiC devices via YAML or CSV
Support (Zendesk)- Ability to open a ticket with inventory dump
Syslog access, Console/SSH access for device

To obtain a license, contact support@aviznetworks.com providing the below details;

License Duration - In Years (1-5)
Devices Count - 8, 32, 64, 128, 256, 512 or 1024
ONES installation ID
Email ID: (For Account creation)

Users can get the ONES installation ID on the ONES-UI Login page after the installation

System Hardware Requirements – ONES Application

In the current release, ONES can support managing up to 1024 devices. For ONES Application Installation, the system hardware requirements vary based on the number of devices to manage;

If user wants to use 8 devices, the recommendation is to use 64GB storage, because the default backup count is 1, and max can be configured 3

And if storage gets full, the controller will stop working or behave in wrong way

System Software Requirements - ONES Application

ONES Application package will take care of this prerequisite at the time of installation, Package verify the availability of the dependencies first then execute the application scripts

Note* Script do not take care about the update to latest version of ubuntu

Customer Firewall Configuration (Ports to be opened)

These port numbers should be available to use and all ports must be allowed in the firewall if the Database server and devices are in the different DMZ zone

sudo iptables -L // This command can be used to verify the used ports

Network Switch (Managed Node) Configuration Requirement

SSH is enabled
Network Reachability from ONES Application
OpenConfig feature is enabled (for non-SONiC Switches)

Browser Requirements for ONES Web User Interface access

Google Chrome version 107 or later
Mozilla Firefox version 106 or later

Download ONES Package

Work with Aviz Sales/Support contact to create an account on Aviz Networks Support Portal
Click on the Downloads section, under ONES, click to download ONES Release 2.0
- File to install on Ubuntu
  - ONES 2.0 Installation package
- File to install on VMware, ESXI, vSphere, and vCenter setup
  - ONES 2.0 OVA
- File to install on Hypervisor, KVM, LibVirt Manager
  - ONES 2.0 QCOW2

To install ONES Package on Ubuntu or Linux

Copy ONES Release 2.0 package (tar.gz) to ONES Application machine
Follow the next page to execute a successful installation

Installing ONES Application

These steps will guide a user how to install a tar-ball package on base Linux based machine

ONES Application system - Installation Steps

Enable super-user mode

user@ones-application:~$ sudo su

Extract the contents of the downloaded ONES Installer tar.gz file

root@ones-application:~$ tar -xvzf ONES-2.0.tar.gz

Go to ONES-2.0 folder on the server machine

root@ones-aplication:~$ cd ONES-2.0

Run ones-installer.sh to Install the ONES application function

root@ones-application:~/ONES-2.0$ ./ones-installer.sh

The installer file automatically detects & processes fresh installation or upgrade to the new version

While upgrading there is no dependency of prevision version files, Once the upgrade process is completed, user manually have to delete the previous version files/Packages from the device, Script do not touch old version files

By default, the installer has a license for 8 devices upto 30days

ONESv2.0 support SSL certificate integration

User can choose YES if the User wants to integrate their own SSL certificate

Installing Open Networking Enterprise Suite (ONES)
..................................................
ONES is getting installed for the first time, choose appropriate options when prompted...
....................
Installing prerequisites for ONES application
....................
....................
....................
....................
Installing ONES application...

Do you want to install domain SSL certificate(if not, installation will proceed with a self signed certificate)? [y/n]: y
Enter the path to the private key file: ./certs/server.pem 
Enter the path to the certificate file: ./certs/server.crt.pem

Note* Replace the Private key & certificate path to correct location

Choose No, if the user wants to use a self-signed certificate that is integrated into ONES package

Installing Open Networking Enterprise Suite (ONES)
..................................................
ONES is getting installed for the first time, choose appropriate options when prompted...
....................
Installing prerequisites for ONES application
....................
....................
....................
....................
Installing ONES application...

Do you want to install domain SSL certificate(if not, installation will proceed with a self signed certificate)? [y/n]: n
Using self signed certificates...

3. The installation allows a user to enable DB backup

Users can choose the local or remote location to backup the database
By default, the application creates a database backup every 86400 seconds(1 day), but the user can modify it as per the requirement
Local and Remote Backup
1. By-default application creates 1 backup for local and for remote,
2. It has a range of 1 to 3 and once it will add one more it will remove the first copy of the database,
3. User can modify the number of backup files at the time of installation
4. By-default ONES create ./backup directory to maintain local database

Local backup:
Do you want to enable DB backups? [y/n]y
Where do you want to store the backups? [local/remote]: local    #local keyword trigger local database on server
Enter the backup directory: ./backups     #Enter the server directory in which user wants to take backup
Enter the number of backups (between 1 and 3) to retain (Older backups will be deleted): 1   #Enter the number of backup user wants to create
Enter the backup interval in seconds (3600 seconds or higher): 86400 #Enter the value in seconds to take a backup

Remote backup:
Do you want to enable DB backup feature? [y/n]: y
Where do you want to store the backups? [local/remote]: remote    #remote keyword trigger remote database on server
Please make sure the remote server is reachable via SSH
Enter the remote machine IP: 10.0.0.1    
Enter the remote machine username: admin
Enter the remote machine password: 
Enter the backup directory: ~/backups    #Enter the remote server directory in which user wants to take backup
Backup is being done in 10.0.0.1 at ~/backups
Enter the number of backups (between 1 and 100) to retain (Older backups will be deleted): 5    #Enter the number of backup user wants to create
Enter the backup interval in seconds (3600 seconds or higher): 86400    #Enter the value in seconds to take a backup

ONESv2.0 support certificate-based authentication between ONES App and devices for GNMI and Auto-discovery
For agent auto-discovery agent will act as a client and the collector as a server. For normal gnmi communication, the agent will act as a server and the collector as a client. Need certificates based on this.

No:
Do you want to enable certificate based authentication between ONES controller and devices? [y/n]: n

Yes:
Do you want to enable certificate based authentication between ONES controller and devices? [y/n]: y
Enter the path to the ca-cert.pem file: ca-cert.pem    
Enter the path to the server-cert.pem file: server-cert.pem    
Enter the path to the server-key.pem file: server-key.pem
Enter the path to the client-cert.pem file: client-cert.pem
Enter the path to the client-key.pem file: client-key.pem
Proceeding with certificates for Agent Auto Registration
Enter the path to the ca-cert-reg.pem file: ca-cert-reg.pem
Enter the path to the server-cert.pem file: server-cert.pem
Enter the path to the server-key.pem file: server-key.pem
Enter the path to the client-cert.pem file: client-cert.pem
Enter the path to the client-key.pem file: client-key.pem

The user needs to provide the certificate path and replace the key name with the path of the certificate to be used here

ONES Application support IP-based Access & FQDN Access
Enter the ONES App URL: https:// #Replace the input with IP or FQDN
IP based
```
Enter the ONES App URL: https://192.168.1.1
```
FQDN based
```
Enter the ONES App URL: https://ones.aviznetworks.com
```

Installation begins

Installing Open Networking Enterprise Suite (ONES)
..................................................
ONES is getting installed for the first time, choose appropriate options when prompted...
....................
Installing prerequisites for ONES application
....................
....................
....................
....................
Installing ONES application...

Do you want to install domain SSL certificate(if not, installation will proceed with a self signed certificate)? [y/n]: n
Using self signed certificates...
Do you want to enable DB backup feature? [y/n] : y
Where do you want to store the backups? [local/remote]: local
Enter the backup directory: ./backups
Enter the number of backups(between 1 and 3) to retain (Older backups will be deleted) : 1
Enter the backup interval in seconds(3600 seconds or higher) : 86400
Do you want to enable certificate based authentication between ONES controller and devices? [y/n]: n
Enter the ONES App URL: https://192.168.1.1

Setting up the environment and loading essential dockers...
d07119f7c800: Loading layer [==================================================>]  53.62MB/53.62MB
366319f9a81c: Loading layer [==================================================>]   2.56kB/2.56kB
0f6276391b12: Loading layer [==================================================>]  86.32MB/86.32MB
5f70bf18a086: Loading layer [==================================================>]  1.024kB/1.024kB..
... 
...
... 
      Name                     Command                  State                            Ports                      
--------------------------------------------------------------------------------------------------------------------
api-server             "java -jar /app/apis…"   api-server          running             0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
broker                 "/etc/confluent/dock…"   broker              running             0.0.0.0:9092->9092/tcp, :::9092->9092/tcp, 0.0.0.0:9101->9101/tcp, :::9101->9101/tcp, 0.0.0.0:29092->29092/tcp, :::29092->29092/tcp
docker                 "python3 app.py"         docker              running             
kafka-connect          "/etc/confluent/dock…"   kafka-connect       running (healthy)   0.0.0.0:8083->8083/tcp, :::8083->8083/tcp, 9092/tcp
ksqldb-server          "/usr/bin/docker/run"    ksqldb-server       running             0.0.0.0:8088->8088/tcp, :::8088->8088/tcp
ones-collector         "java -jar /app/coll…"   collector           running             8093/tcp, 0.0.0.0:50053->50053/tcp, :::50053->50053/tcp
ones-collector-db      "/docker-entrypoint.…"   collector-db        running             8008/tcp, 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp, 8081/tcp
ones-fm                "/bin/sh -c '{ gunic…"   fm                  running             0.0.0.0:8787->8080/tcp, :::8787->8080/tcp
ones-fm-db             "docker-entrypoint.s…"   fm-db               running             0.0.0.0:2345->5432/tcp, :::2345->5432/tcp
ones-gateway           "./gnmi-gateway -Tar…"   gateway             running             0.0.0.0:9339->9339/tcp, :::9339->9339/tcp
ones-pty-server        "docker-entrypoint.s…"   pty-server          running             0.0.0.0:8885->8885/tcp, :::8885->8885/tcp
ones-rule-service      "java -jar /app/rule…"   rule-service        running             8080/tcp
ones-rule-service-db   "docker-entrypoint.s…"   rule-service-db     running             5432/tcp
ones-ui                "docker-entrypoint.s…"   ui                  running             0.0.0.0:443->443/tcp, :::443->443/tcp, 3002/tcp
schema-registry        "/etc/confluent/dock…"   schema-registry     running             0.0.0.0:8081->8081/tcp, :::8081->8081/tcp
stream-processor       "java -jar /app/stre…"   stream-processor    running             8080/tcp
zookeeper              "/etc/confluent/dock…"   zookeeper           running             2888/tcp, 0.0.0.0:2181->2181/tcp, :::2181->2181/tcp, 3888/tcp
Finishing up ONES Installation...
...................................................................................
Installed ONES application successfully
Open the ONES application  at https://<host-ip>

Access ONES Application Web GUI from a supported browser using https://<host-ip/FQDN>

Activation:

For Trail, user can choose Start A Trial (valid for 30days)
For Activation, user can choose Activate License if the user has an activation key of any subscription

1. Start A Trail

Use Default credentials as below;
- Username: superadmin
- Password : Admin@123
Update/Change your password on the first login

Password should contain:-

Minimum Password Length - 8 characters

Maximum Password Length - 24 characters

Character Support - Alpha Numeric

Special Characters - (# @ $ ! & % only)

Character Rule - At least one Upper Case and one special character

After Resetting the password use new credentials to login
You will see the default Monitor Page with a Topology view

2. Activate License

Get the Activation key

Share ONES installation ID to the AVIZ support team
As per PO, the AVIZ team will share the Activation key
Paste the activation key and Activate

Users can activate ONES Application first time just after installation(first-time ONES application shows the page to activate the license

After evaluating ONES application, the user will have the option to activate the license anytime from the dashboard

Installing ONES Agents

Overview

ONES requires user to install the below agents on SONiC NOS to allow Network Orchestration and Visibility

ONES Orchestrator Agent for Network Orchestration
ONES Telemetry Agent for Telemetry Data Streaming (Network Visibility)

NOTE: for non-SONiC switches,

OpenConfig feature on its NOS needs to be enabled for Network Visibility (Telemetry Data Streaming)
Network Orchestration is not supported

SONiC NOS upgrade scenario - Impact on ONES Agents

SONiC NOS Upgrade could be done either via
- ONES UI (Inventory-->Devices)
  - Instead of using FM - Orchestrator Agent
  - Orchestrator Agent takes a backup of FMCLI, ONES Agents and associated services to the /host folder.
  - After a successful upgrade, Orchestrator Agent restores these files
- Traditional means (ZTP, sonic-installer CLI)
  - The user needs to reinstall ONES Agents again

ONES Telemetry Agent Installation

ONES Agent v2.0 support Agent Auto discovery

ONESv2.0 Agent support auto-discovery feature
ONESv2.0 Agent support to send telemetry on multiple controllers (Max 2)
Restrict IP feature can be enabled/disabled
Using this feature agent will discover the ONES Controller and will update the entry on ONES App with all the feature metrics
Need to add a few inputs while installing agent
1. Controller IP //To restrict the telemetry streaming
2. Device Credentials
3. Layer
4. Region
5. azid
6. brickid
7. rackid

Installation

On the Application machine, go to ONES-2.0/ones_t_agent folder

root@ones-application:~$ cd /ONES-2.0/ones_t_agent

Installation (Agent Install on multiple switches at the same time)

Enter device details (Management IP, Username and Password ) in device_info.csv

root@ones-application/ONES-2.0/ones_t_agent:~$ vi device_info.csv

The user needs to add all the required details in the CSV file, This CSV file will be used to push this information to agent.conf(/etc/sonic/agent.conf) file to every switch and ones-agent on the switch will pick the details from agent.conf file and will register itself to ONES controller with all the given parameters this helps a NetOps engineer to directly add a CSV file containing all the details, The Engineer needs not to add one by one devices on the controller which actually is time-consuming

ip,user,passwd,layer,region,azid,brickid,rackid
10.4.4.61,admin,YourPaSsWoRd,Spine,SanJose,1,1,1
10.4.4.62,admin,YourPaSsWoRd,Leaf,SanJose,1,1,1
...
...
...

Save the File

Executing the installation script can be used for installing a telemetry agent on one or more devices in the data centre.

The installer file automatically detects & will process fresh installation or upgrade to the new version

While upgrading, all the previous files will automatically get deleted on the Switch

If users want to use the certificate for GNMI & Auto-Registration, so users need to put the certificate in directory gnmi-certs(for GNMI) & auto-reg-certs(for Agent Auto Registration)

root@ones-application/ONES-2.0/ones_t_agent:~$ ./ones_agent_parallel_installer.sh

Users can use ONES-Agent as an integrated service in SONiC OS or can use it as an independent third-party container.

Does the ONES-agent is integrated with SONiC NOS? (yes/no): no

Scripts asks to put the Controller IP to use auto-discovery feature

Enter the ip address of collectors to auto-discover. Do not enter more than 2. Eg - 10.1.1.10, 10.2.2.5 : 10.4.4.11

User can only add 2 Controller IP to restrict the telemetry streaming

User can choose the restriction to send telemetry to collector IP only

Do you want to restrict access only to provided collector ip?
Note: Providing Yes will restrict access to agent only with the provided collector IP Address
Enter Yes/No : Yes

It's important to restrict collector IP as NO in case the running network has NAT translation from private to public IP for ONES server access from the device.

Installation Begin

root@ones-application/ONES-2.0/ones_t_agent:~$./ones_agent_parallel_installer.sh
Does the ONES-agent is integrated with SONiC NOS? (yes/no): no

Enter the ip address of collectors to auto-discover. Do not enter more than 2. E.g. - 10.1.1.10, 10.2.2.5 : 10.4.4.11
Do you want to restrict access only to provided collector ip?
Note: Providing Yes will restrict access to agent only with the provided collector IP Address
Enter Yes/No : Yes
[{'ip': '10.4.4.61', 'user': 'admin', 'passwd': 'YourPaSsWoRd', 'layer': 'Spine', 'region': 'Sanjose', 'azid': '1', 'brickid': '1', 'rackid': '1', 'installation_instance': 1, 'agentip': '10.4.4.61', 'collectorip': '10.4.4.11', 'restrict_collector_ip': 'Yes'}, {'ip': '10.4.4.62', 'user': 'admin', 'passwd': 'YourPaSsWoRd', 'layer': 'Leaf', 'region': 'Sanjose', 'azid': '1', 'brickid': '1', 'rackid': '1', 'installation_instance': 1, 'agentip': '10.4.4.62', 'collectorip': '10.4.4.11', 'restrict_collector_ip': 'Yes'}]
###############Connecting to switch###############
###############Connecting to switch###############
Connection to switch 10.4.4.61 successful.....................
Looking for previous installation........................
avizdock/ones-agent:devu
Connection to switch 10.4.4.62 successful.....................
Looking for previous installation........................
avizdock/ones-agent:latest


...
...
...
...
ones-agent.service file copied successfully on the device 10.4.4.61........
##################################################################
ones-agent.service file copied successfully on the device 10.4.4.62........
##################################################################
Deployment of ones-agent to switch 10.4.4.61 is successful
Deployment of ones-agent to switch 10.4.4.62 is successful

Now Agent will only stream the metrics to the given controller & will autoregister on the ONES-App

The user needs to make sure, The devices have a unique name, otherwise, there will issue while plotting the full topology view(Topology Page).

ONES Orchestration Agent Installation

On the ONES Application server, go to ONES-2.0/ones_fm_agent

root@ones-application:~$ cd /ONES-2.0/ones_fm_agent

Installation (Agent Install on multiple switches at the same time)

Enter device details (Management IP, Username, Password ) in device_info.csv

root@ones-application/ONES-2.0/ones_fm_agent:~$ vi device_info.csv

ip,user,passwd
10.4.4.61,admin,YourPaSsWoRd
10.4.4.62,admin,YourPaSsWoRd
...
...
...

Save the file
Execute the installation script

Fresh Installation

root@ones-application/ONES-2.0/ones_fm_agent:~$ ./deploy_fmcli.sh 'install'

root@ones-application/ONES-2.0/ones_fm_agent:~$ ./deploy_fmcli.sh 'install'
Installer will proceed with FMCLI-install ...

2fa37f2ee66e: Loading layer [==================================================>]  121.3MB/121.3MB
5cc3a4df1251: Loading layer [==================================================>]   49.6MB/49.6MB
2ef3351afa6d: Loading layer [==================================================>]  181.5MB/181.5MB
0c2d6fc19d6a: Loading layer [==================================================>]  596.9MB/596.9MB
d3de4ba9f72c: Loading layer [==================================================>]  19.25MB/19.25MB
6546924ee8e7: Loading layer [==================================================>]  41.04MB/41.04MB
16227882e38c: Loading layer [==================================================>]   5.12kB/5.12kB
29d8b0c23f30: Loading layer [==================================================>]   10.5MB/10.5MB
0eb731fd9ff0: Loading layer [==================================================>]  69.94MB/69.94MB
015b774a058f: Loading layer [==================================================>]   2.56kB/2.56kB
35743f2c1258: Loading layer [==================================================>]  37.47MB/37.47MB
e02e88375b40: Loading layer [==================================================>]  4.428MB/4.428MB
Loaded image: avizdock/agent_installer:latest
Docker image 'avizdock/agent_installer:latest' is loaded.
4c7a6666fea40554651f85c6b6857a79a99433872ba168c8865fbcf3246f0adc

Docker container 'agent_installer' is running.
CONTAINER ID   IMAGE                             COMMAND     CREATED         STATUS                  PORTS     NAMES
4c7a6666fea4   avizdock/agent_installer:latest   "python3"   4 seconds ago   Up Less than a second             agent_installer
Server IP: 172.17.0.2
fm_port: None
[{'ip': '10.20.7.12', 'passwd': 'YourPaSsWoRd', 'user': 'admin', 'server_ip': '172.17.0.2', 'fm_port': None}]
Operation = install
##### params = {'ip': '10.20.7.12', 'passwd': 'YourPaSsWoRd', 'user': 'admin', 'server_ip': '172.17.0.2', 'fm_port': None} #####
###############Connecting to switch###############
...

#################### Installing FMCLI on the device 10.20.7.12 ######################
####### Debug LOGS on the device 10.20.7.12 #######
...

FM-Agent installed successfully on the device 10.20.7.12........

Installation with a config cleanup

using this process, Script will clear the base config like port--channel related config, IP related config, VXlan related config and more related configuration.

root@ones-application/ONES-2.0/ones_fm_agent:~$ ./deploy_fmcli.sh 'installresetconfig'

root@ones-application/ONES2.0/ones_fm_agent# ./deploy_fmcli.sh 'installresetconfig'
Installer will proceed with FMCLI-installresetconfig ...

2fa37f2ee66e: Loading layer [==================================================>]  121.3MB/121.3MB
5cc3a4df1251: Loading layer [==================================================>]   49.6MB/49.6MB
2ef3351afa6d: Loading layer [==================================================>]  181.5MB/181.5MB
0c2d6fc19d6a: Loading layer [==================================================>]  596.9MB/596.9MB
d3de4ba9f72c: Loading layer [==================================================>]  19.25MB/19.25MB
6546924ee8e7: Loading layer [==================================================>]  41.04MB/41.04MB
16227882e38c: Loading layer [==================================================>]   5.12kB/5.12kB
29d8b0c23f30: Loading layer [==================================================>]   10.5MB/10.5MB
0eb731fd9ff0: Loading layer [==================================================>]  69.94MB/69.94MB
015b774a058f: Loading layer [==================================================>]   2.56kB/2.56kB
35743f2c1258: Loading layer [==================================================>]  37.47MB/37.47MB
e02e88375b40: Loading layer [==================================================>]  4.428MB/4.428MB
Loaded image: avizdock/agent_installer:latest
Docker image 'avizdock/agent_installer:latest' is loaded.
86086002858bad33fa21019f48eb58c7e37d9104d5b161ad7706d61c0bfa89f2

Docker container 'agent_installer' is running.
CONTAINER ID   IMAGE                             COMMAND     CREATED         STATUS                  PORTS     NAMES
86086002858b   avizdock/agent_installer:latest   "python3"   3 seconds ago   Up Less than a second             agent_installer

ones-fm container is not running

Server IP: 172.17.0.2
fm_port: None
[{'ip': '10.20.7.12', 'passwd': 'YourPaSsWoRd', 'user': 'admin', 'server_ip': '172.17.0.2', 'fm_port': None}]
Operation = installresetconfig
##### params = {'ip': '10.20.7.12', 'passwd': 'YourPaSsWoRd', 'user': 'admin', 'server_ip': '172.17.0.2', 'fm_port': None} #####
###############Connecting to switch###############
<paramiko.client.SSHClient object at 0x7feb0b5b0310>
Connection to switch 10.20.7.12 successfull.....................
/home/ones_fm_agent
Creating work directory  on the device 10.20.7.12........
Work Directory ones-fm_1702897991_0583997 created successfully on the device 10.20.7.12 .............
Copying FMCLI_Installer.py to directory ones-fm_1702897991_0583997 on the device 10.20.7.12 .............
Copying FMCLI_Installer.py to directory ones-fm_1702897991_0583997 successful on the device 10.20.7.12 .............
Copying fmcli-app.tgz to directory ones-fm_1702897991_0583997 on the device 10.20.7.12 .............
Copying fmcli-app.tgz to directory ones-fm_1702897991_0583997 successful on the device 10.20.7.12 .............

#################### Installing FMCLI on the device 10.20.7.12 ######################
####### Debug LOGS on the device 10.20.7.12 #######

...
...
...


FM-Agent installed successfully on the device 10.20.7.12........
####### Deleting ones-fm_1702897991_0583997 dir on the device 10.20.7.12 #######
##### params = {'ip': '10.20.7.12', 'passwd': 'YourPaSsWoRd', 'user': 'admin', 'server_ip': '172.17.0.2', 'fm_port': None} #####
###############Connecting to switch - 10.20.7.12 ###############
<paramiko.client.SSHClient object at 0x7feb0b5b0640>
Connection to switch 10.20.7.12 successfull.....................
/home/ones_fm_agent
Creating work directory  on the device 10.20.7.12........
Work Directory ones-fm_1702898114_0637665 created successfully on the device 10.20.7.12 .............
Copying config-reset.py to directory ones-fm_1702898114_0637665 on the device 10.20.7.12 .............
Copying config-reset.py to directory ones-fm_1702898114_0637665 successful on the device 10.20.7.12 .............

#################### Cleaning config on the device 10.20.7.12 ######################
...
...
...

OCI runtime exec failed: exec failed: unable to start container process: exec: "/usr/lib/frr/frr-reload.py": stat /usr/lib/frr/frr-reload.py: no such file or directory: unknown
Running command: /usr/local/bin/sonic-cfggen -d --print-data > /etc/sonic/config_db.json
###################################
###################################
###### Config Reset Successful !!! #######

Upgrade Installation

root@ones-application/ONES-2.0/ones_fm_agent:~$ ./deploy_fmcli.sh 'upgrade'

root@ones-application/ONES-2.0/ones_fm_agent:~$ ./deploy_fmcli.sh 'upgrade'
Installer will proceed with FMCLI-upgrade ...

2fa37f2ee66e: Loading layer [==================================================>]  121.3MB/121.3MB
5cc3a4df1251: Loading layer [==================================================>]   49.6MB/49.6MB
2ef3351afa6d: Loading layer [==================================================>]  181.5MB/181.5MB
0c2d6fc19d6a: Loading layer [==================================================>]  596.9MB/596.9MB
d3de4ba9f72c: Loading layer [==================================================>]  19.25MB/19.25MB
6546924ee8e7: Loading layer [==================================================>]  41.04MB/41.04MB
16227882e38c: Loading layer [==================================================>]   5.12kB/5.12kB
29d8b0c23f30: Loading layer [==================================================>]   10.5MB/10.5MB
0eb731fd9ff0: Loading layer [==================================================>]  69.94MB/69.94MB
015b774a058f: Loading layer [==================================================>]   2.56kB/2.56kB
35743f2c1258: Loading layer [==================================================>]  37.47MB/37.47MB
e02e88375b40: Loading layer [==================================================>]  4.428MB/4.428MB
Loaded image: avizdock/agent_installer:latest
Docker image 'avizdock/agent_installer:latest' is loaded.
73bf7f665d0df3633a83b58fae02e987cad8f1246ec6119aa58088e00c1e44a6

Docker container 'agent_installer' is running.
CONTAINER ID   IMAGE                             COMMAND     CREATED         STATUS                  PORTS     NAMES
73bf7f665d0d   avizdock/agent_installer:latest   "python3"   3 seconds ago   Up Less than a second             agent_installer

ones-fm container is not running

Server IP: 172.17.0.2
fm_port: None
[{'ip': '10.20.7.12', 'passwd': 'YourPaSsWoRd', 'user': 'admin', 'server_ip': '172.17.0.2', 'fm_port': None}]
Operation = upgrade
##### params = {'ip': '10.20.7.12', 'passwd': 'YourPaSsWoRd', 'user': 'admin', 'server_ip': '172.17.0.2', 'fm_port': None} #####
###############Connecting to switch###############
...
...
...

#################### Upgrading FMCLI on the device 10.20.7.12 ######################
####### Debug LOGS on the device 10.20.7.12 #######
fmcli-app/
fmcli-app/fmcli
fmcli-app/fmclimain.service
fmcli-app/fmcli.cli
...
...
...

Created symlink /etc/systemd/system/multi-user.target.wants/fmclimain.service → /etc/systemd/system/fmclimain.service.
/tmp/fmcliStartup.init

FM-Agent Upgraded successfully on the device 10.20.7.12........

Verify the Installation success by running the fmcli command on individual devices

root@Switch:~$ sudo fmcli

root@Switch:~$ sudo fmcli 
fmcli#

Agent Less Telemetry

ONES Application support Agent Less devices telemetry for

>Cumulus (NVUE API)

>Arista EOS (OpenConfig)

Cumulus(NVUE API)

Cumulus switch with version >4.4 to start streaming to ONES Controller via NVUE API

Enable gNMI in Cumulus

netq config add agent gnmi-enable true
netq config add agent opta-enable false
netq config add agent gnmi-port 9339
netq config restart agent
netq config status agent

netq config add agent gnmi-port 50052
netq config restart agent
netq config status agent

cumulus@cumulus:mgmt:~$ cat /etc/netq/netq.yml
netq-agent:
is-gnmi-enabled: true
is-opta-enabled: false
netq-gnmi:
gnmi_port: 9339

Enable NVUE API in Cumulus

sudo ln -s /etc/nginx/sites-{available,enabled}/nvue.conf
sudo sed -i 's/listen localhost:8765 ssl;/listen \[::\]:8765 ipv6only=off ssl;/g' /etc/nginx/sites-available/nvue.conf
sudo systemctl restart nginx

ONES IS not using NCLU. ONES Application only use NVUE API from OS version 4.4, less than that NCLU code is not enabled for ONES. [For ONES 1.1 testing 4.4 and 5.2 version]

Cumulus 5.x not fully support NCLU, only NVUE.

Arista EOS (OpenConfig)

Introduction

To enable Arista switches running EOS to stream telemetry data to ONES controller, API gNMI and eAPI need to be enabled

Enable API gNMI

Arista-DCS-7010T(config)#management api gnmi
Arista-DCS-7010T(config-mgmt-api-gnmi)#transport grpc default
Arista-DCS-7010T(config-gnmi-transport-default)#port 50052
Arista-DCS-7010T(config-gnmi-transport-default)#provider eos-native
Arista-DCS-7010T(config-mgmt-api-gnmi)#end

Arista-DCS-7010T#show management api gnmi
Octa: enabled
Transport: GRPC
Enabled: yes
Server: running on port 50052, in default VRF
SSL profile: SELFSIGNED
QoS DSCP: none
Authorization required: no
Accounting requests: no
Certificate username authentication: no
Notification timestamp: last change time
Listen addresses: ::

Transport: default
Enabled: yes
Server: running on port 6030, in default VRF
SSL profile: none
QoS DSCP: none
Authorization required: no
Accounting requests: no
Certificate username authentication: no
Notification timestamp: last change time
Listen addresses: ::

Enabling eAPI

bash$ ssh username@myswitch
   Password: <passw0rd>
   myswitch> enable
   myswitch# configure terminal
   myswitch(config)# management api http-commands
   myswitch(config-mgmt-api-http-cmds)# no shutdown
   myswitch(config-mgmt-api-http-cmds)# show management api http-commands
   Enabled:            Yes
   HTTPS server:       running, set to use port 443
   HTTP server:        shutdown, set to use port 80
   Local HTTP server:  shutdown, no authentication, set to use port 8080
   Unix Socket server: shutdown, no authentication
   VRFs:               default

Adding New Controller

ONES Agent configuration file allows user to add new collector(controller) after the agent installation if required

Overview

If a customer desires to receive the same agent telemetry on a different ONES collector, there's no need to reinstall the agent on the device. Instead, the user can effortlessly add the new collector's IP to the device's agent.conf file after installing ONES on the other server. This action will automatically register and initiate streaming to the new ONES application

Only 2 controllers are supported in auto-discovery

Note: Terms "collector" and "controller" are used interchangeably; they have the same meaning.

Steps to add new Controller-IP

SSH to the device first

Navigate to /etc/sonic/

admin@Spine-2:~$ cd /etc/sonic/
admin@Spine-2:/etc/sonic$

Edit agent.conf file and add collector ip

admin@Spine-2:/etc/sonic$ sudo vi agent.conf
# Configuration file for agent gnmi
# Any edits require restart of the agent
# Mode - can be Tls/NoTls
mode = NoTls

#restrict_collector_ip = Yes/No
#Setting this to yes means that only the IP address mentioned under collectorip
#will be allowed to connect to the agent. No sets off this behavior
restrict_collector_ip = No
#layer of the switch Eg - Superspine/ Leaf/ Spine/ ToR
layer = Spine
#region of the switch Eg - Denver
region = Sj
#ip of the switch Eg - 10.4.4.33
agentip = 10.20.2.12
#ip of the collector Eg - 10.1.1.10
collectorip = 10.20.0.16,10.20.0.14
#azid of the switch Eg - 1
azid = 1
#brickid of the switch Eg - 1
brickid = 1
#rackid of the switch Eg - 1

Restart ONES-Agent Docker

admin@Spine-2:/etc/sonic$ docker restart ones-agent

After restarting Docker, it will automatically register with the new ONES-Application

VM Deployment

ONES Application can be integrated in the network as a Virtual Machine(VM) Package

VM Packages

QCOW2 Package: Qcow2 can be imported any KVM Hypervisor based application
OVA/OVF Package: OVA can import in
- VMware workstation/Fusion
- ESXI Server
- Virtual-Box

VM Package Upgrade

QCOW2 & OVA, both packages are supported for an upgrade to latest version

VMware ONES Deployment

Download OVA Package

Work with Aviz Sales/Support contact to create an account on Aviz Networks Support Portal
Click on the Downloads section, under ONES, and click to download ONES Release 2.0

VM Compatibility

ONES-2.0.0 OVA support below Versions of VMware Family

Import OVA to ESXI Server

Choose Deploy a virtual machine from an OVF or OVA file >> NEXT

Give it a Valid Name >> Click to select Files or drag/drop (upload from the download folder)

Choose the downloaded OVA package >> NEXT

Choose preferred storage to run ONES-2.0.0 VM >> NEXT

Choose a Network Adapter to provide DHCP IP to ONES App (Management interface/Eth0) >> NEXT

Verify all the inputs >> FINISH

After finishing it will take time to upload OVA to ESXI, Once the status is Successful then user can use ONESVM

ONES is Ready to use >> Power On the ONES VM

Credentials to access ONES OVA VM

Once logging into the server CLI using below credentials, please continue with the next steps that is Ones Agent Installation

Username: aviz
Password: Aviz@123

Expand HDD

Expanding the HDD

python3 vm-hdd-expand.py

vCPU & RAM can be expended without any dependency

KVM ONES Deployment

QCOW Deployment

Download Qcow2 Package

Work with Aviz Sales/Support contact to create an account on Aviz Networks Support Portal
Click on the Downloads section, under ONES, click to download ONES Release 2.0
Copy ONES Release 2.0 package (qcow2) to KVM Hypervisor Server

Create the VM using GUI App virt-manager

If your host server has Ubuntu Desktop and virt-manager installed you can use it to deploy the VM. Make sure you can start the Virtual Machine Manager and that it connects successfully to the local hypervisor.

Creating a VM with virt-manager is very straightforward, Use the following steps to deploy the ONES-Application

File -> New Virtual Machine -> Import existing disk image -> Forward

Now the ONES Application is ready to use

Create the VM using QEMU (XML configuration)

Create an XML configuration file from the following template using vi

vi ones.xml

<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>ONES_VM01</name>
  <memory unit='KiB'>4194304</memory>
  <currentMemory unit='KiB'>4194304</currentMemory>
  <vcpu placement='static'>4</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64' machine='pc-i440fx-1.5'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='writeback'/>
      <source file='/home/oper/taas_vm/ones.qcow2' />
      <target bus='virtio' dev='vda'/>
    </disk>
    <serial type='pty'>
      <source path='/dev/pts/3'/>
      <target port='0'/>
    </serial>
    <!-- Management interface eth0 -->
    <interface type='network'>
	<model type='e1000' />
        <source network='br0'/>
        <address type='pci' domain='0x0000' bus='0x00' slot='0x00' function='0x0'/>
    </interface>
   <controller type='usb' index='0'/>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </memballoon>
  </devices>
</domain>

User Inputs in XML File

Line #2   The Name of the VM
Line #3   The amount of System Memory for the VM
Line #4   The amount of System Memory for the VM
Line #5   The number of vCPU Core for the VM
Line #25  The Path to the qcow2 VM image file
Line #35  The name of the Linux bridge on the host machine

Create a Linux bridge configuration file (bridged-network.xml) for libvirt from the following template

vi bridged-network.xml

<network>
    <name>br0</name>
    <forward mode="bridge" />
    <bridge name="br0" />
</network>

User Inputs in XML File

Line #4 the name of the Linux bridge on the host machine

Define the Linux bridge for the VM

#Execute the below command to attach the VM to the Linux Bridge 
sonic@sonic-39:~$ virsh net-define bridged-network.xml
sonic@sonic-39:~$ virsh net-start br0
sonic@sonic-39:~$ virsh net-autostart br0
sonic@sonic-39:~$ virsh net-list
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 br0                  active     yes           yes

sonic@sonic-39:~$

Start the VM

virsh create <VM XML configuration file>

#sonic@sonic-39:~$ virsh create ones.xml 
#Domain ONES_VM01 created from ones.xml
#sonic@sonic-39:~$

If you see a permission error run the virsh command with sudo may fix the issue

Check the VM status

sonic@sonic-39:~$ virsh list
 Id    Name                           State
----------------------------------------------------
 8     ONES_VM01                      running
sonic@sonic-39:~$

Credentials to access ONES QCOW2 VM

Username: aviz
Password: Aviz@123

OVA Integration

Upgrade VM

Upgrade Process

To upgrade any VM (QCOW or OVA)
- Download the ONES installation package

VM packages do not support upgrades from one VM to another VM once the VM is deployed in the network, then the ONES tar-ball file can be used to upgrade it.

ONES Web GUI Administration

ONES User Interface - Features

SONiC Devices use auto-discovery
Non-SONiC devices needs to add using YAML editor or using CSV file
Deep Telemetry for ASIC and Switch Hardware
Device Inventory details on
- Network Operating System (NOS)
- Firmware versions - ONIE, BIOS, and CPLD
- Hardware SKU, Model, ASIC, and Serial Number
- Platform Components – Fan, PSU, Sensors
- Link/Interface Health – Speed, Connectivity, Transceivers/Cables
Inventory Operations
- Adding/Removing devices using YAML or CSV file
- Agent Status Monitoring
Device Monitoring
- Device Up/Down State based on Agent and Agent-less
- Region and Zone Mapping
- Device Roles – Access, Leaf-Spine, Super-Spine
Network Compliance with version checks on
- Telemetry Agent
- Orchestrator Agent
- ONIE, NOS, and Linux Distros versions
Resource Trends
- CPU and Memory Utilization
- PSU and Fan Readings
- ASIC Capacity for Routes and ACLs
- Software and Kernel Route capacity
- Packet Counters – IN/OUT, Errors/Discards
Topology View
- Device Connectivity view across Roles and Location
- Link/Connectivity Status
- Device or Component failure count
Routing Protocol
- BGP Neighbors
- Advertised and Received Prefixes
- Local AS Number
- VXLAN
- MGLAG
- LACP
- RoCE
Orchestrator Use Cases
- YAML-based Configuration push
- Image Management via ZTP
- BGP Numbered(IPv4 & IPv6) and Unnumbered Configuration
- BGP Peering with Port-Channel
- NTP, SNMP, SFLOW, and SYSLOG Configuration
- VXLAN
- Symmetric/Asymmetric IRB
- L2/L3 MC-LAG
- EVPN MultiHoming
- Layer2 Leaf-Spine (L2/L3 Mode)
- Leaf only Deployment
- BGP Peering over MC-LAG PeerLink
- BGP Peering using separate Link between MC-LAG Peers
- DHCP Relay
- SAG / SVI
Licensing
- Application License
- Telemetry Agent License
- Orchestrator Agent License
User Management
- Add/Edit/Delete User
- Role Management
API Access for configurations originating from External Orchestration Tools
Rule Engine
- Slack Channel for push notification
- Zendesk ticket generation
- Rules status

ONES allows users to leverage pre-defined templates, and customize them for Ports, IPv4/IPv6 Routes, BGP-Unnumbered, and Switch Services (NTP, SNMP, SYSLOG, ZTP, etc.) functions

Login Page

To access the ONES application, use Server IP/FQDN with HTTPS

https://<host-ip/FQDN>

Adding Devices

The user needs to make sure, The devices have a unique name, otherwise, there will issue while plotting the full topology view(Topology Page).

Agent-based devices auto-discover the ONES-App and get registered automatically on the ONES Inventory page
To Onboard the Agent-Less devices user needs to add them manually
- Navigate to Inventory

This page gives the control to onboard the devices with two options
1. Add Devices using the YAML Editor
2. Upload the CSV file containing the device list

The movement user chooses CSV upload, then the YAML Editor will be disabled

1. Add Devices using YAML

Click on Add Devices
Upload Device Inventory using YAML Editor
Navigate to Inventory >> Devices >> Add Devices >> Use YAML
Use the below format to add devices to the application

 inventory:
     - ipAddress: "10.4.4.61"
       layer: "Spine"
       region: "San Jose"
       azId: 1
       brickId: 1
       user: "admin"
       password: "YourPaSsWoRd"
     - ipAddress: "10.4.4.62"
       layer: "Spine"
       region: "San Jose"
       azId: 1
       brickId: 1
       user: "admin"
       password: "YourPaSsWoRd"

Make sure to use the correct indentation for the YAML files

Click Save & Apply
ONES Application is now ready to manage the added devices

2. Add devices using CSV

Click on Add Devices
Upload Device Inventory using CSV File
Navigate to Inventory >> Devices >> Add Devices >> Use CSV
Use the below format to add devices to the application

Select CVS file to Upload >> <Choose CSV file containing devices entry>
Upload & Add

Inventory

User can onboard all the devices on the application and can get a complete view of all the populated tables

Agent-Based devices will automatically added using the auto discovery feature

Agent-Less devices needs to be added using this inventory page

The Inventory tab has the below mentioned features:
- Custom OS upgrade: Upgrade the device OS with any customised image. You need to provide the correct path to ensure the OS is updated successfully
- OS upgrade via ZTP: Upgrade the device OS via Zero touch provisioning
- Reboot devices: Reboot the device from a single click in the UI
- Add devices from the dashboard: The User can onboard the non-sonic devices using the YAML file upload or via the in-built editor in the UI
- Remove devices from the dashboard: The user can remove the auto-discovered(Agent based) and non-sonic devices

Devices

This section explains how users can add/manage/remove the devices using ONES.

Devices

Navigate to Inventory >> Devices

Using this tab, user can:
- Onboard the non-sonic(Agent-Less) device to the application using Add devices
- Syslogs capture
- Upgrade the device using Custom Upgrade
- Upgrade the device using ZTP (Zero Touch Provisioning)
- Reboot individual devices or multiple devices by selecting them in one click
- Remove the devices
- Complete Inventory can be downloaded in CSV format

The user needs to make sure, The devices have a unique name, otherwise, there will issue while plotting the full topology view(Topology Page).

Sonic Devices

Agent-based devices auto-discover the ONES-App and get registered automatically on the ONES Inventory page

Add Non-Sonic Devices

To Onboard the Agent-Less devices user needs to add them manually
- Navigate to Inventory

This page gives the control to onboard the devices with two options
1. Add Devices using the YAML Editor
2. Upload the CSV file containing the device list

The movement user chooses CSV upload, then the YAML Editor will be disabled

1. Add Devices using YAML

Click on Add Devices
Upload Device Inventory using YAML Editor
Navigate to Inventory >> Devices >> Add Devices >> Use YAML
Use the below format to add devices to the application

 inventory:
     - ipAddress: "10.4.4.61"
       layer: "Spine"
       region: "San Jose"
       azId: 1
       brickId: 1
       user: "admin"
       password: "YourPaSsWoRd"
     - ipAddress: "10.4.4.62"
       layer: "Spine"
       region: "San Jose"
       azId: 1
       brickId: 1
       user: "admin"
       password: "YourPaSsWoRd"

Make sure to use the correct indentation for the YAML files

Click Save & Apply
ONES Application is now ready to manage the added devices

2. Add devices using CSV

Click on Add Devices
Upload Device Inventory using CSV File
Navigate to Inventory >> Devices >> Add Devices >> Use CSV
Use the below format to add devices to the application

Select CVS file to Upload >> <Choose CSV file containing devices entry>
Upload & Add

Feature Set

Role / Region: Shows the device roles and regions
SKU / ASIC: Shows the device hardware SKU and ASIC vendor
Port / Max Speed
- Shows the number of ports per device and max port speed on the device
- Click on the number of ports to get a detailed view of all the ports on a particular device

PSUs / Fans: Shows the total number of Power supplies and Fans present on a particular device
NOS Image: Shows the details of the network operating system running on the device and when it was last updated
ONIE Version: Shows which ONIE version is running on the device and when the last reboot time of the device
Agent Version / Network OS: Shows the agent version running on the device and the current active OS version on the device
Agent status / Last contact: Latest status of the Agent and when it was last communicated with that Agent.
Connect: Using this feature we directly get the CLI access of the device
- SSH connect
- Console connect
Details: This last option we can again use to get the details of the device

Remove Devices from the Application

Navigate to Inventory >> Devices >> Remove Devices

Choose the devices to be removed & confirm

once the user clicks on confirm, the Inventory page will remove the device

If the devices are agent-based they will get added again after some time, if the user wants to remove the agent-based devices, then the user need to uninstall the agent from the device

Now the selected devices have been removed from the ONES application

Custom Upgrade

This feature gives the control to upgrade the device to the new version

An HTTP image link is required to use the custom upgrade

Select any of the devices to upgrade to the new version

Click on Custom Upgrade

put the new Image URL and then Submit

It will show the status as In Progress

HTTP image URL should be accessible

This image will be downloaded to the device and configured as the next boot image and devices will be reloaded

Once the device comes up with the new image, the ONES application will install Telemetry and Fabric manager agent

when we upgrade any device that will be locked to do any further changes after a successful upgrade user can again use the same device for another task

Once the image is loaded, the ONES application will show the last image details and time stamp

Upgrade via ZTP

Using this page a user can directly upgrade the box

Select any of the devices to upgrade via ZTP

Click on Upgrade via ZTP

Click on Yes

when we upgrade any device that will be locked to do any further changes, after a successful upgrade user can again use the same device for another task

Reboot Device

Here we will see how we can reboot a device using
We have the option to choose one or multiple devices at a time to reboot
Choose one of the devices that we want to reboot

Click on Reboot
Click on Yes

While rebooting the device, the device will be locked to do any other task, once the reboot is successful, the lock will be removed and the user can take any new action

Configurations

Navigate to Configurations >> Configure Devices
Allows you to configure new devices
Supports valid YAML files
You can download the sample YAML file, edit it, and upload it again with the desired configuration

New Features Added

BGP Peering over Port channels
L3 MC-LAG
Layer2 Leaf-Spine (L2/L3 Mode)
Leaf only Deployment
BGP Peering over MC-LAG PeerLink
BGP Peering using separate links between MC-LAG Peers

Rule Engine

Overview

In data centre operations, a rule engine with alerts for various metrics is essential for proactive monitoring and management of critical components and services. Let's see the different types of rule engine alerts for specific metrics in a data centre environment

CPU and Memory
Fan and Power Supply Unit
Traffic Bandwidth
ASIC Routes
Health Services
Traffic Errors and Discard Counters

Push Notification

Rule Engine pushes the configured rule notification in case any device breaches the threshold value configured under the rule to

Slack channel
Zendesk Support ticket

To use Rule Engine feature User needs to setup first Slack channel integration or Zendesk Support integration

Slack Channel Integration

1. Create a Channel for ONES-App push notification

2. Generate API for Channel

Create an App
Choose From scratch
Provide any App Name and choose the workspace where the user wants to get the push notification & Create App
Choose Incoming Webhook and Activate Incoming Webhooks & Add New Worbhook to workspace
Select the configured Channel & Allow
Copy the newly created webhook link
Open ONES-App and select Integration >> Messaging
Add Channel & Paste the Webhook URL
After saving it will be available to use while creating any rule using Rule Engine feature

ONES-2.0

ONES GA v2.0

Open Networking Enterprise Suite (ONES)

Introduction and Overview

Rule Engine

ONES Orchestration

ONES Application

Overview

ONES Telemetry Collector(s) and Visibility

Overview

Topology is the new default page for ONES application

Inventory Page

ONESv2.0 offer different licensing modes

ONES Rule Engine

Overview

Notification

Rules are categorized based on the metric hierarchy

List of all the Metrics Supported by Rule Engine with possible units and measured value a user can use

ONES Orchestration

Why do we need Network Orchestration?

ONES Orchestration - Overview

FMCLI

Fabric Manager CLI

ONES Supportability

AVIZ Support Overview

ONES Supportability

ONES Security

This section describes how ONES authenticates users and secures communication.

RBAC: Role-Based Access Control

Secure Access to the Application

Secure Access to the switch*

What's new?

ONES UI

ONES Telemetry

ONES Orchestration

Rule Engine

Getting Started

Supported Switch Platforms and NOS

Supported Matrix

Agent-based vs Agent-less

Agent requirements

Scalability

Subscription

Download ONES

ONES Installation

Installation Pre-requisites

Installation Overview

License Readiness

Trail license support feature

System Hardware Requirements – ONES Application

System Software Requirements - ONES Application

Customer Firewall Configuration (Ports to be opened)

Network Switch (Managed Node) Configuration Requirement

Browser Requirements for ONES Web User Interface access

Download ONES Package

To install ONES Package on Ubuntu or Linux

Installing ONES Application

ONES Application system - Installation Steps

Activation:

1. Start A Trail

Login To ONES

2. Activate License

Get the Activation key

Installing ONES Agents

Overview

SONiC NOS upgrade scenario - Impact on ONES Agents

ONES Telemetry Agent Installation

ONES Agent v2.0 support Agent Auto discovery

Installation

Installation (Agent Install on multiple switches at the same time)

Installation Begin

ONES Orchestration Agent Installation

Installation (Agent Install on multiple switches at the same time)

Fresh Installation

Installation with a config cleanup

Upgrade Installation

Agent Less Telemetry

ONES Application support Agent Less devices telemetry for

>Cumulus (NVUE API)

>Arista EOS (OpenConfig)