Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
5310
Views
10
Helpful
6
Comments

How to Deploy a SDWAN-XE virtual instance on ENCS/NFVIS

kramesh
Cisco Employee
Cisco Employee

‎10-14-2018 09:52 AM - edited ‎04-03-2019 09:52 PM

Background : There is growing interest for SDWAN capability on NFVIS based virtual branch. SDWAN XE code enables SDWAN with key features that are part of IOS XE codebase, including WAN diversity option with T1/E1, LTE, etc. 

This Howto document provides the required information for creating a virtual branch with SDWAN XE image. 

 

Hardware and Software versions used

ENCS 54xx hardware

NFVIS 3.8.1 or above

SDWAN XE ISRv 16.9.2 or above

vManage suite 18.3.1 or above

 

Prerequisites

NFVIS installed on a hardware with access to the on-box web GUI

Access to vManage management, path for control connections from SDWAN devices.

Device serial file with ISRv specific UUID and Tokens available in vManage. 

 

Step-by-Step Instructions

Step 1 : Prepare vmanage, vsmart, vbond to authenticate root-certificate and deploy device certificate after verification of one time use token.
Create and attach template to Device ID with site-specific parameters populated. This allows for vmanage to generate bootstrap config for use in step 3.
Step 2 : Upload Image and create/deploy the SDWAN XE virtual instance on NFVIS/ENCS.
In this step, bootstrap config is generated from vmanage for DeviceID and passed on to the virtual instance deployed at remote site with this specific file name
ciscosdwan_cloud_init.cfg
Step 3 : Verify that the the SDWAN XE virtual instance on-boarded is accepted by vManage suite.

 

Step 1 Associate Template in vManage to a device

 

attachtemplate.jpg

Confirm Attaching Device to Template is SuccessfulConfirm Attaching Device to Template is Successful

 Generate Bootstrap ConfigurationGenerate Bootstrap Configuration

 Select and Generate Bootstrap config in Default formatSelect and Generate Bootstrap config in Default format

 copy-n-paste or download bootstrap configurationcopy-n-paste or download bootstrap configuration

 Step 2 : Upload SDWANXE image onto device and Deploy the Router instanceupload00.jpg

 

Upload SDWAN XE image into Image repositoryUpload SDWAN XE image into Image repository


Image Registration SuccessfulImage Registration Successful

 Deploying an SDWAN instance with day 0 bootstrap configuration.

 Deploy XE-SDWAN and ASAv FirewallDeploy XE-SDWAN and ASAv FirewallVerify registration of router to vManage

Token is validated and device certificate is pushedToken is validated and device certificate is pushed

Labels:
Comments
anthony.wild
Level 1
Level 1
‎06-24-2019 12:39 PM

Should probably also mention that you need to reserve a Software Device in PnP first so that you can sync it over to vManage. "+ Add Software Device" to the applicable SMART Account then "Sync Smart Account" inside of vManage before the steps listed above.

 

Luis Rueda
Cisco Employee
Cisco Employee
‎09-05-2019 05:30 PM

What did you do for vManage to generate the certificate part as part of cloud-init config ?

anthony.wild
Level 1
Level 1
‎09-05-2019 05:37 PM

Once you sync the vManage to PNP and the virtual device pops into vManage, attach your template to it. Then, right click the device and generate bootstrap config as "Cloud Init". Then, insert that cloud init config when you spin the VNF as shown above in the second to the last screenshot. The VNF should have all the relevant config to connect to vBond from the template you attached and upon fully booting should sync up with vBond and the certificate generation and attachment process will occur automatically.

 

Also, note that you will need to ensure that the management IP is set to whatever ENCS is expecting or NFV won't be able to ping the VNF and will assume its dead, thereby putting it in an endless recovery boot loop.

 

Standing by to further assist.

Luis Rueda
Cisco Employee
Cisco Employee
‎09-05-2019 09:06 PM

Hi @anthony.wild,

 

Maybe I did not express myself correctly. In @kramesh's example his generated cloud-init config has the following snip:

 

 - rcc : true
ca-certs:
 remove-defaults: false
 trusted:
 - |
  -----BEGIN CERTIFICATE-----

Just curious how he got vManage to know that he is using non standard certificates and make that part of the generated bootstrap config.

 

anthony.wild
Level 1
Level 1
‎09-05-2019 09:27 PM

Luis,

 

Like I said above, that snippet is automatically generated by vManage in the cloud init string among other things. You don't have to worry about it. Just attach your template to the device placeholder that gets brought into vManage after you sync with PNP. Then when you deploy the VNF you'll slipstream it in as part of the Bootstrap Payload.

 

In short;

 

1) Add the software device in PNP (ISRv)

2) Sync vManage with PNP

3) Go to Devices, Note the new ISRv brought in

4) Attach template

5) Generate Bootstrap Config (Cloud Init)

6) Deploy VNF (ISRv cEdge) with Bootstrap Payload, copy/paste in from step 5

7) Ensure that your VPN 512 management interface is assigned the same IP that ENCS has assigned (10.20.X.X) so NFVIS can ping the VNF and affirm its alive.

8) Done

 

If you want I can Webex to show you exactly what I mean.

 

Anthony

Luis Rueda
Cisco Employee
Cisco Employee
‎09-06-2019 07:21 AM

Hi @anthony.wild ,

 

I know all those steps, and have done that. I am just curious about the rcc to add the root certificates portion of the ciscosdwan_cloud_init.cfg file, everything else I have done/seen before.

 

BTW I do that part manually so I am no stranger to the process.

 

Rgds,

Luis

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents