Home Blog Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

Blog

Sep 25
Deploy Thousand Eyes Agent using Catalyst Center (DNAC)
Posted by Trevor Butler

Thanks to Cisco’s push to deploy more Thousand Eyes agents, the Catalyst team has given us an easy button for deploying agents to the Catalyst 9300 and 9400 switches using Catalyst Center, formally DNA Center. The agent is deployed as a docker container using the App-hosing framework built natively into the 9300 and 9400 series platforms. Catalyst Center streamlines the deployment of the container to a built-in workflow, meaning you don’t need to have Docker experience to get the agents installed and working.

There are a few design prerequires to consider before deploying Thousand Eyes agents:

  • A VLAN for the Enterprise Agent to use. This could be a dedicated VLAN or a user facing Data VLAN.
  • An IP address with a routable subnet with permission to connect to the Thousand Eyes cloud, allowing outgoing HTTPS connections directly or through a proxy server. This address can be learned either by using a Static IP, or via DHCP.
  • Cisco DNA Advantage or Premier license for each of the switches that will run the agent. As of this writing, each DNA Advantage license comes will a Thousand Eyes agent license for free. This agent license is worth 22 units/ month to run the Tests.
  • The minimum switch version of IOS-XE needed to host the agent:
    •        Catalyst 9300: IOS-XE 17.3.3 or later
    •        Catalyst 9400: IOS-XE 17.5.1 or later

 

The design I like to use is to deploy the agents with interfaces in every user facing VLAN on Access switches, and on the management VLAN on Core and Distribution switches. By configuring interfaces in each user facing VLAN on each access switch we can better simulate the user experience at the point the users are connected to the network. Then because users aren’t traditionally connected to Core and Distribution switches, I use the switch management VLAN for the agent to connect back to the Thousand Eyes cloud.

Portal Integration

One of the first things I try to do is setup the integration between the Catalyst Center and the Thousand Eyes portal. Technically you do not need to do this step to deploy the agents to the switches, however this step will allow Catalyst Center to ingest the results of Tests for the Application Health dashboard, providing additional value to Catalyst Center.

The first step in integration is to create an API token for your user in the Thousand Eyes portal. Navigate to Account Settings > Users and Roles. On the Profile tab scroll all the way to the bottom of the page. Under the User API Tokens click the generate button. (note I took the screenshots after integration so you should expect your portal to look like mine after the token is created.) You will need to copy this token to use in Catalyst Center later.

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

 

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

The API token is all that we need for Catalyst Center to authenticate with your Thousand Eyes Portal. Next lets open up Catalyst Center. After hitting the “Burger” in the upper left corner, navigate to System > Settings. In the Settings page, scroll down the side bar till you get to External Services > ThousandEyes Integration.

On this page is where you will paste the Thousand Eyes token generated in the first step. Click Save to finish the integration. Your page will look like mine below saying Thousand Eyes is enabled.

 

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

Installing Agent on DNAC

Whether or not the portals have been integrated the next step is to install the agent software on Catalyst Center. This way Catalyst Center can install it on any supported switch, as well as maintain version control for the containers.

Download Agent

The obvious first step to installing any software is to download the image. Back in the Thousand Eyes portal, navigate to Cloud & Enterprise Agents > Agent Settings. Under the Enterprise Agents tab and under that tab, the Agents tab you will see a list of Agents already deployed if you have any. On the right side of the page is a button that says “Add New Enterprise Agent”. Click that button.

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

A popup will appear with all of the different ways to deploy and Enterprise Agent. For Catalyst Center we want to use the Application Hosting method. Click on the Cisco Application Hosting tab.

There are two things we want to get from this tab, the first is to copy the Account Group Token and keep it somewhere. We need it to configure the docker runtime options in a later step. The second is to download the correct TAR file for the type of device.

For Catalyst 9300 and 9400 switches we want to use the Cisco IOS XE Docker Application found under the Catalyst Switches tab. Click the button to download the TAR file and save the file to your desktop.

 

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

Upload to DNAC

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)The next step is to take the TAR file and upload it to Catalyst Center. In Catalyst Center, click on the “Burger” in the upper left corner and navigate to Provision > App Hosting for Switches.

One thing that confused me at first was that on this page is says we are in the Service Catalog. But the App Hosting for Switches page is just a subsection of the service catalog. So navigating using my method saves you one extra step of having to find App Hosting in the Service Catalog.

 

 

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

 

 

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

Once in the App Hosting for switches page, you will find a button that says “New App”. Click it and a popup to upload the TAR file will appear. Here is where you will drag and drop the TAR file we downloaded earlier from the Thousand Eyes portal.

Click Upload and wait for the application to finish uploading to Catalyst Center.

Once the agent is uploaded you will see a box with the agent software appear on the App Hosting for Switches screen. Click on the box to both manage and install the software on the switches.

 

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

 

Edit Docker Runtime Options

The last piece to configure before deploying the agent on the switches is to edit the docker runtime options to include the Account Group Token you copied all the way back in the beginning of this section. (You did remember to save it, right?!?)

If you are on the page from the last step, go ahead and click on the agent app to open its page.

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

Click on the Edit button below the Docker Runtime Options section, this will make both the App Description and Docker Runtime Options sections editable fields. In the Options field you will want to replace the value for TEAGENT_ACCOUT_TOKEN with the Account Group Token copied earlier. This will be used when the agent reaches out to the Thousand Eyes portal to link the agent to the right account.

Everything else can stay the same, Click Save.

 

Deploying Agent on Switches

Before Catalyst Center can deploy the Enterprise Agents to the switches there are two things that need to be configured and verified first. Lets start with the configuration; as we saw in the prerequisites at the beginning of the blog, the Enterprise Agent needs at least one VLAN to send traffic over. Catalyst Center will present the list of VLANs configured on the chosen switch then will tag the traffic based on the the VLAN. Catalyst Center will then configure the App-hosting application to use the AppGigabitEthernet port present on the 9300 and 9400 switches.

We will need to configure this port so that we maintain the VLAN tags. To do this simply configure the AppGig ports as trunks.

interface AppGigabitEthernet1/0/1

switchport mode trunk

ip http server

ip http authentication local

ip http secure-server

You may notice that in addition to the AppGig port configuration, we also enable HTTPS on the switch and specified local authentication. This is for the second part, which is satisfying the verification process Catalyst Center performs. Below is the list ran by the readiness check as well as an explanation of how to solve any failed areas in the list.

 

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

 

Now that the switch is configured, it time to deploy the agent. Under the Thousand Eyes Agent page in the App Hosting area of Catalyst Center, click on the Install button the lower right corner.

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

This will start a new workflow. Name the workflow, then click next. Choose the site where the switch you want to install the agent is in, again click next. A list of switches will appear for that site. Along with the inventory information for each switch you will see the last column has the results of the readiness check discussed earlier. If the result is failed, click on “See Details” to see what check(s) failed and how to resolve the issue.

Sometime you will see a status of “Partially Ready”, in that case click into the details page and manually trigger the check that request it. If all the checks pass then you can move forward with installation. Click the checkbox of the device you want to install the agent, then click next.

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

 

The next page is where you choose the VLANs the agent will be configured to use. Additionally a dropdown menu saying dynamic or static is used to tell the agent to use DHCP or a statically assigned IP address for that interface. If you choose the static option, you will need to download the CSV file, fill out the IP information and then reupload the file on that same page. Below is a sample of the CSV file. The fields in Yellow are the ones that will need to be filled out.

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

 

Once you have selected all of the VLANs you want the agent to be installed in then click next and Catalyst Center will begin the installation process. This process will take a few minutes. Once completed you will be redirected to the Thousand Eyes Enterprise Agent Management page. You can get to this page from the same Thousand Eyes Agent page used to install the app, but click the Manage button rather than Install.

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

 

Verification

There are two places to check that the expected configuration is accurate, Catalyst Center, and the Thousand Eyes portal. From the Thousand Eyes Agent Management page we last left off at click into one of the switch names. This will bring up the details of the agent installed on that switch.

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

 

 

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

To see the details of each interface, click on the View link under the details column; a popup will appear. Under the Network section you will see each of the interfaces. If you configured the interfaces to use DHCP this is a great way to seeing if the interface received an IP.

In addition to the IP information, you can verify the VLAN tag each interface is tagged with. The end of the Network Name for each interface ends in -v##, where ## is the VLAN tag.

Once the configuration is verified on the Catalyst Center side, its time to check to see if the agent is able to communication with the Thousand Eyes portal. On the portal navigate back to Cloud & Enterprise Agents > Agent Settings. Here you will see all of the agents that have successfully communicated back to the portal. The newly installed agent should show up on this list after a few minutes.

 

Deploy Thousand Eyes Agent using Catalyst Center (DNAC)

 

Once the agent has been verified you can started using the agents in your Thousand Eyes tests; but that is a subject for another Blog. Hopefully this post helped you to quickly deploy the Enterprise agents using Catalyst Center to your 9300 and 9400 series switches. If you would like help with your Thousand Eyes journey feel free to contact us, we will be happy to help!

 

As always if you have any questions on your network configuration and would like to schedule a free consultation with us, please reach out to us at sales@lookingpoint.com and we’ll be happy to help!

Contact Us

 

Written By:

Trevor Butler, Network Architect

subscribe to our blog

Get New Unique Posts