Cisco Employee

FortiNet NED and FortiGate VM (VNF)

Has anyone had success in managing FortiNet’s FortiGate VM (VNF) through our FortiNet NED? I’m working with the FortiGate VM to be able to demonstrate Mercury, ESC, & NSO as part of a complete NFVi solution that includes 3rd party VNFs.

I’ve run into an issue with NSO on-boarding where the NED will connect to the device, run some commands, but then fails and exits. This is ultimately for a customer POC, but is currently limited to an internal Cisco lab until this can be resolved and tested.

Has anyone experienced the same and/or would be able to help determine why the NED is failing and what the best action plan is for resolution?

Here are some specifics, including the NED trace:

admin@ncs> show packages package package-version
                  PACKAGE
NAME              VERSION
---------------------------
cisco-ios         3.0
esc               1.0
fortinet-fortios  3.2.30
tailf-nfvo        1.1
tailf-nfvo-esc    1.1

[root@nso ~]# ncs --version
4.2


[root@nso logs]# cat ned-fortinet-fortios-VMS_FGVM-2_FortiGate_VNFD_3_ports_FG-VM64_esc0_1.trace
>> 8-Nov-2016::21:40:05.179 CLI CONNECT to VMS_FGVM-2_FortiGate_VNFD_3_ports_FG-VM64_esc0_1-192.168.0.27:22 as admin (Trace=true)

  *** output 8-Nov-2016::21:40:05.196 ***
-- SSH connecting to host: 192.168.0.27:22 --
-- SSH initializing session --

  *** input 8-Nov-2016::21:40:05.447 ***
FGVM #

  *** output 8-Nov-2016::21:40:05.448 ***
-- NCS VERSION: 62 6020100 --
-- NED VERSION: fortinet-fortios 3.2.30 2016-10-21 --
get system status

  *** input 8-Nov-2016::21:40:05.472 ***
get system status
Version: FortiOS-VM64-KVM v5.4.2,build1100,161101 (GA)
Virus-DB: 1.00123(2015-12-11 13:18)
Extended DB: 1.00000(2012-10-17 15:46)
Extreme DB: 1.00000(2012-10-17 15:47)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
Serial-Number: FOSVM1YPXDZ4I092
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
Botnet DB: 1.00000(2012-05-28 22:51)
VM Resources: 2 CPU, 3859 MB RAM
BIOS version: 04000002
Log hard disk: Not available
Hostname: FGVM
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 1
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1100
Release Version Information: GA
FortiOS x86-64: Yes
System time: Tue Nov  8 13:40:04 2016

FGVM #

  *** output 8-Nov-2016::21:40:05.472 ***
-- VDOM disabled --
config system console

  *** input 8-Nov-2016::21:40:05.472 ***
config system console

FGVM (console) #

  *** output 8-Nov-2016::21:40:05.472 ***
set output standard

  *** input 8-Nov-2016::21:40:05.473 ***
set output standard

FGVM (console) #

  *** output 8-Nov-2016::21:40:05.474 ***
?

  *** input 8-Nov-2016::21:40:05.480 ***

set      Modify value.
unset    Set to default value.
get      Get dynamic and system information.
show     Show configuration.
abort    End and discard last config.
end      End and save last config.

FGVM (console) #

  *** output 8-Nov-2016::21:40:05.481 ***
end

  *** input 8-Nov-2016::21:40:05.482 ***
end

FGVM #

  *** output 8-Nov-2016::21:40:05.482 ***
?

  *** input 8-Nov-2016::21:40:05.485 ***

config      Configure object.
get         Get dynamic and system information.
show        Show configuration.
diagnose    Diagnose facility.
execute     Execute static commands.
exit        Exit the CLI.

FGVM #
<< 8-Nov-2016::21:40:05.485 ERROR: Network Element Driver error econnrefused for device VMS_FGVM-2_FortiGate_VNFD_3_ports_FG-VM64_esc0_1: ned_connect_cli unknown device
[root@nso logs]#

Regards,
-Corey

 

5 REPLIES
Cisco Employee

Hi,

Are you connected via Console port? If so, please try to use IP management port.

Regards,
Roque

 

Cisco Employee

This is a virtual machine and not a physical appliance - connection is via SSH to the management port.

Cisco Employee

Ok. No idea but you could try to re-create the commands the NED sends into the CLI directly and issue a TAC ticket.

Roque

PS: virtual machines also have a console port… typically a TCP connection mapped to OpenStack server. That is how from ESC you can access a VM console.

Roque Gagliano

 

Cisco Employee

Team, it is a version support issue in the NED (FortinetNedCli.java). Not sure of the logistics to get this fixed in the production NED.

/* Verify supported hardware */
            if ( (version.indexOf("FortiGate-200B") >= 0) ||
                 (version.indexOf("FortiGate-3240C") >= 0) ||
                 (version.indexOf("FortiGate-VM64") >= 0) ||
                 (version.indexOf("FortiOS-VM64-KVM") >= 0) ||  // <<< I added this and it syncs now.
                 (version.indexOf("FortiGate-1000C") >= 0) ||
                 (version.indexOf("FortiGate-300C") >= 0) ||
                 (version.toLowerCase().indexOf("fortigate-3140b") >= 0) ||
                 (version.toLowerCase().indexOf("fortigate-1000d") >= 0) ||
                 (version.toLowerCase().indexOf("fortigate-3040b") >= 0) ||
                 (version.toLowerCase().indexOf("fortigate-100d") >= 0) ||
                 (version.toLowerCase().indexOf("fortigate-200d") >= 0) ||
                 (version.toLowerCase().indexOf("fortigate-500d") >= 0) ||
                 (version.toLowerCase().indexOf("fortigate-800c") >= 0) ||
                 (version.toLowerCase().indexOf("fortigate-1500d") >= 0) ||
                 (version.toLowerCase().indexOf("fortigate-200a") >= 0) ||
                 (version.toLowerCase().indexOf("fortigate-310b") >= 0)) {
                // found
                LOGGER.info("Logged in");

admin@ncs> request devices sync-from
sync-result {
    device VMS_CSR6_Simple_CSR_VNFD_3_ports_CSR_esc0_1
    result true
}
sync-result {
    device VMS_FGVM-2_FortiGate_VNFD_3_ports_FG-VM64_esc0_1
    result true
}
sync-result {
    device esc0
    result true
}
[ok][2016-11-08 23:10:01]
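
The support-list check quoted in this reply can be reproduced offline against a NED trace before touching the NED itself. The following is an added example, not code from the NED or from anyone in this thread: it mirrors the substring checks in the excerpt and reports why a trace ends in "ned_connect_cli unknown device". The function names and the extra parameter are hypothetical, and the sample trace is abridged from the one posted above.

```python
import re

# Platform strings accepted by the NED excerpt quoted in this thread (before the
# local patch). The first group is matched case-sensitively, the second after
# lower-casing, exactly as the excerpt does.
CASE_SENSITIVE = ["FortiGate-200B", "FortiGate-3240C", "FortiGate-VM64",
                  "FortiGate-1000C", "FortiGate-300C"]
CASE_INSENSITIVE = ["fortigate-3140b", "fortigate-1000d", "fortigate-3040b",
                    "fortigate-100d", "fortigate-200d", "fortigate-500d",
                    "fortigate-800c", "fortigate-1500d", "fortigate-200a",
                    "fortigate-310b"]

# Constructed sample: a few lines abridged from the trace in the original post.
SAMPLE_TRACE = """\
-- NED VERSION: fortinet-fortios 3.2.30 2016-10-21 --
get system status
Version: FortiOS-VM64-KVM v5.4.2,build1100,161101 (GA)
Hostname: FGVM
FGVM #
<< 8-Nov-2016::21:40:05.485 ERROR: Network Element Driver error econnrefused for device VMS_FGVM-2_FortiGate_VNFD_3_ports_FG-VM64_esc0_1: ned_connect_cli unknown device
"""

def is_supported(version, extra=()):
    """Mirror the excerpt's substring checks; `extra` models a local patch."""
    if any(s in version for s in list(CASE_SENSITIVE) + list(extra)):
        return True
    low = version.lower()
    return any(s in low for s in CASE_INSENSITIVE)

def triage(trace, extra=()):
    """Extract platform string, NED version and error, then diagnose."""
    ver = re.search(r"^Version:\s*(.+)$", trace, re.M)
    ned = re.search(r"^-- NED VERSION:\s*(.+?)\s*--$", trace, re.M)
    err = re.search(r"ERROR: .*?:\s*(ned_connect_cli .+)$", trace, re.M)
    version = ver.group(1).strip() if ver else None
    result = {"version": version,
              "ned": ned.group(1) if ned else None,
              "error": err.group(1).strip() if err else None}
    if version is None:
        result["diagnosis"] = "no 'Version:' line; device never answered 'get system status'"
    elif not is_supported(version, extra):
        result["diagnosis"] = "platform string not in NED support list: " + version.split()[0]
    else:
        result["diagnosis"] = "platform accepted; look elsewhere for the failure"
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
    print(triage(SAMPLE_TRACE, extra=["FortiOS-VM64-KVM"]))
```

Because the first five entries are compared case-sensitively and the rest are not, a device that reports one of those five models in a different case would also be rejected by the same check.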

 

Cisco Employee

Hi Brendan,

I can open a ticket on this one for you and get it into the released product.

-Dan

 
