cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Step-by-step ENCS Onboarding on vManage using PnP

665
Views
0
Helpful
0
Comments

Goal

To successfully provision a ENCS device in remote site with internet connection. 

Documentation

Minimum software release requirements.

-ENCS platform with NFVIS 4.6.1 release.

-vManage 20.6.1 release.

 

This document is expected to complement SD-Branch Design and Deployment Guide

Also reference

Getting started with ENCS

How to create VNF package 

 

Define

Typical virtual branch deployment requires authorized list of devices and image packages for the services to be deployed. Also, VNF service images must be made available in vmanage image repository. 

 

Device List

Create the device list in Smart Account and make it available in vManage

Spoiler

When the ENCS devices are ordered with controller mode, Cisco Manufacturing will populate the devices in the smart account. Often, for demos/POC, the following manual approach is required. 

1. Access the ENCS through console, change the default password Admin123# to a secure password that meets the password policy requirement. Login to get the device's Serial Number and SUDI Certificate, used in the next step. To do so, follow the example below.
login as: admin
admin@10.29.43.81's password: xxxxxxxx
Cisco Network Function Virtualization Infrastructure Software (NFVIS)
NFVIS Version: 4.6.1-FC1
Copyright (c) 2015-2021 by Cisco Systems, Inc.
Cisco, Cisco Systems, and Cisco Systems logo are registered trademarks of Cisco
Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
The copyrights to certain works contained in this software are owned by other
third parties and used and distributed under third party license agreements.
Certain components of this software are licensed under the GNU GPL 2.0, GPL 3.0,
LGPL 2.1, LGPL 3.0 and AGPL 3.0.
admin connected from 10.24.34.130 using ssh on nfvis
nfvis# support show chassis
Product Name             : ENCS5412/K9
Chassis Serial Num       : FGL214381Z5
Certificate Serial Num   : 1FBF965
nfvis#

Add Device to Smart Account

1. Navigate to software.cisco.com

2. Scroll down to the Smart Licensing section. 

3. Under Network Plug and Play, click on Manage devices.


PnP.png
4. Click on Add Device(s).
Add device.png
5. Under the Identify source, select the Enter Device info manually option. Advance to the next step by clicking Next.
Enter Device info manually.png

6. Click on Identify Device.

7. Enter Serial Number, select Base PID  (ENCS) from the drop-down menu and add Controller Profile (VIPTELA-CLOUD-HOSTED-PROFILE) from the drop-down menu. Click Save and advance to the next step by clicking Next.
8. Verify the entered information and click Next. Advance to the next step by clicking Submit.

9. If the device is added correctly, you should see a success message. Click on Done to add the device.
Add the device.png

10. You will be redirected to the initial PnP Connect Devices page. You should be able to see the newly added device listed with the Pending (Redirection) status.

Sync Smart Account via vManage

1. Log in to vManage.

2. Navigate to the Hamburger Menu, go to Configuration > Devices.

3. Click on Sync Smart Account. When prompted, enter CEC Credentials.
4. Refresh the Smart Account Device Sync Service page to see the status of the sync. The Success message will appear in the Status box.

5. After the device has been successfully added to vManage, you should see the ENCS54xx in the Devices list.

Note: If you still don't see the ENCS54xx Gateway in the Devices list, try syncing the smart account one more time.

6. The device will reach out to the Plug and Play Connect portal to receive the controller information. Do not interrupt the PnP boot-up process or the redirection to controllers will fail.
7. Select your device from the Available Devices window and move it to the Selected Devices section. Click on Attach.

Image Packages

Spoiler

1.1  VNF package for vBranch

This chapter is to describe how to get the VNF packages for vBranch and modify/re-package if needed and then upload into vManage.

  • Download VNF package for vBranch from CCO
  • Modify and repackage for vBranch VNF package (Optional)
  • Upload VNF package into vManage

1.1.1  Download VNF package for vBranch from CCO

Currently the legacy VNF package posted in CCO links cannot be used due to format incompatible.

 

Please find Cisco supported VNF package at https://software.cisco.com/download/home/286308649/type/286327969/release/17.03.03

 

For third party VNF, please download the scaffold packages at https://software.cisco.com/download/home/286308693/type/286327978/release/4.4.1

 

1.1.2  Modify and repackage for vBranch VNF package (Optional)

CCO golden vBranch VNF packages for SDWAN routers such as C8000v, ISRv and vEdge have day0 configuration with the following network mapping which match to vBranch pre-defined 5 topologies in Network Design.

Below is the pre-defined default network mapping for SDWAN routers.

  • vnic0 -> int-mgmt-net
  • vnic1 -> GE0-0-SRIOV-1
  • vnic2 -> mgmt-net
  • vnic3 -> lan-net

If want to change day0 configuration in cloudinit bootstrap file, users can follow the steps below to repackage.

  • Download the golden vBranch VNF package from CCO
  • Extract the golden vBranch VNF package
  • Modify day0 configuration in cloudinit bootstrap file including enterprise root CA addition
  • Modify image_properties.xml file for <name> and add/delete/modify <bootstrap_file> and <custom_property> when needed
  • Modify package.mf with new checksum for all modified files
    Repackage

1.1.1  Upload VNF package into vManage

  • Open vManage UI and goto “Maintenance” -> “Software Repository” -> “Virtual Images” -> “Upload Virtual Image” -> select “vManage”
  • In the pop-up window, browse and select the VNF package(s) for upload (NOTE: The upload speed depends on the package size and network quality)
  • After upload, the new entry will be shown in the table in “Virtual Images” page

 

 

 

Design

Create a Network Design Template with multi-VNF service chain

Circuit Creation

Spoiler

Reference: https://sdwan-docs.cisco.com/Product_Documentation/vManage_Help/Release_18.4/Configuration/Network_Design#Configure_Circuits

 

This chapter is to show how to create circuit in vManage Network Design flow.

  • Open vManage UI and goto “Configuration” -> “Network Design” -> click “Manage Network Design” -> click “Circuits”
  • In the pop-up side window on the right, click “Add New” -> select “Circuit Type” -> In “Circuit Color” pull-down menu, select circuit color
  • Optional: Repeat above step to add multiple circuits
  • Click “Finish” -> click “Save”

Branch Site Creation

Spoiler

Reference: https://sdwan-docs.cisco.com/Product_Documentation/vManage_Help/Release_18.4/Configuration/Network_Design#Configure_Branch_Sites

 

This chapter is to show how to create branch for ENCS-5400 device-model in vManage Network Design flow.

  • Open vManage UI and goto “Configuration” -> “Network Design” -> click “Manage Network Design” -> click “Branch Sites”
  • In the pop-up side window on the right, fill out “Branch Name” -> click “Add Device Profile”
  • In the device profile section, fill out “Name” -> select “ENCS-5400” in Device Model pull-down menu -> check circuit(s) in Circuits pull-down menu
  • Optional: If need to add another device profile, please click “Add Device Profile” button again. This can be used for HA topology.
  • Click “Next” -> click “Add Segments” -> In the pull-down menu, select available discovered segment(s)

Note: This discovered segment(s) are automatically detected from existing SDWAN setup. Selecting segment(s) here is only providing a logic view from topology and WILL NOT configure any VPN in NFVIS/ENCS.

  • Click “Add” -> click “Finish” -> click “Save”

 

Branch Site Configuration

This chapter is to show how to configure branch site for network design template for ENCS-5400 device-model.

  • Add Profile
  • Add Service
  • Add CLI Configuration
Spoiler

Add Profile

  • Open vManage UI and goto “Configuration” -> “Network Design” -> click “Manage Network Design”
  • Click on the device profile in the diagram and pop-up window will be shown -> click “Create Profile” to access Profile “WAN” page -> complete WAN configuration
    • Double click “Interface Name” field and select either “GE0-0” or “GE0-1” from the pull-down menu
    • Select “DHCP” or “Static” for “Interface IP”. Note: NFVIS only support one DHCP interface. So, in ENCS, only one interface can be selected as DHCP among GE0-0, GE0-1 in WAN page and mgmt in Management page.
    • Optional: In Profile “WAN” page, DNS field is optional. If needed, enter DNS IP here.
  • Click “Next” to “LAN” page -> complete LAN configuration
    • Fill out “Global VLAN” field. Note: Separate VLAN ID by comma and hyphen is supported for VLAN range
    • Double click “Interface Name” and select ENCS switch port interface “gigabitEthernet1/0 … gigabitEthernet1/7” to meet the topology requirement
    • For each interface, select “Spanning Tree”, “VLAN Mode” and fill out “VLAN”. Note: Separate VLAN ID by comma and hyphen is supported for VLAN range
    • Optional: change “Native VLAN” ID when select “VLAN Mode” to “Trunk”
  • Click “Next” to “Management” page -> complete Management configuration
    • Double click “Interface Name” field and select value “mgmt”
    • Select “DHCP” or “Static” for “Interface IP”. Note: NFVIS only support one DHCP interface. So, in ENCS, only one interface can be selected as DHCP among GE0-0, GE0-1 in WAN page and mgmt in Management page.
    • Optional: In Profile “Management” page, DNS field is optional. If needed, enter DNS IP here.
  • Click “Done” -> click “Save”

Add Service

  • Open vManage UI and goto “Configuration” -> “Network Design” -> click “Manage Network Design”
  • Click on the device profile in the diagram and pop-up window will be shown -> click “Add Services”
  • In the “Add Service” landing page, pre-defined 5 topologies selection page will be popped up -> Select one topology to meet the requirement -> Review the logic diagram and click “APPLY”. Note: In this document, use topology #2 with customized single IP VNF package as the example.
  • In Configure Service page, default Routing service will be shown -> complete the configuration
    • Edit “Service Name” if needed. (Default will be ROUTER_x)
    • Select “Image Package” from the pull-down menu
    • Fill out CPU, Memory, Disk and Deployment Disk when needed. (Note: when click the resource field, UI will show the range for the each resource. By default, resource value will be assigned to the minimum value in the range for each resource)
    • Click “Apply” -> click pencil icon on the service to edit service for network mapping
  • In “Edit Service” page, complete the configuration
    • Change vnic network mapping to meet the day0 bootstrap configuration
    • Click “Add Interface” to add additional interface when needed
      • Enter vnic ID number
      • For “Connected To” pull-down menu, click “New Network”
      • For “Service Network Name” pull-down menu, either action below can be done
        • Select one available network such as wan-net, wan2-net, lan-net and other SRIOV network. Note: SRIOV network can be used for one interface only. OVS network such as lan-net can be used for multiple interfaces.
        • Enter a new network name and new bridge
        • Optional: select “Mode” and enter VLAN ID if needed
        • Click “Confirm”
      • In the review page, expand the service entry to review resource and network configuration
      • Click “Networks” button to edit network configuration
        • Click pencil icon on particular network
        • Change Mode and VLAN as needed
        • Click “APPLY”
      • Review “Networks” configuration and click “Done”
      • Review the service again
      • Click “Preview Topology” button to view the service logic connection
      • Click “Finish” -> click “Save”

Add CLI Configuration for advanced feature(s)

Reference: https://www.cisco.com/c/en/us/td/docs/routers/nfvis/config/sd-branch-4/b-NFV-vManage-solution-guide/m-design-nfvis-sd-branch-solution.html#Cisco_Concept.dita_22e50f3c-9bec-4fa7-afde-d00ebed1e5d7

 

  • Open vManage UI and goto “Configuration” -> “Network Design” -> click “Manage Network Design”
  • Click on the device profile in the diagram and pop-up window will be shown -> click “Add Cli Configuration”
  • Copy and paste the required CLI configurations for advanced features which are not supported in Network Design UI
  • Note:
  • For vm_lifecycle VM group name and VM deployment name, please add “deployment-“ prefix. For example: when service VM name is specified as ISRv, in vm_lifecycle, VM group name and VM deployment name will be “deployment-ISRv”.
  • For SNMP configuration, please add “nfvis-snmp:” prefix in each SNMP command.
  • Click “Save” -> click “Save”

Below are the validated features for add-on CLI configuration.

 

Boot-up time

vm_lifecycle tenants tenant admindeployments deployment deployment-ROUTER_1  vm_group deployment-ROUTER_1   bootup_time        600

PNIC tracking

pnic GE0-0 track-state ROUTER_1 1

ACL

system settings ip-receive-acl 0.0.0.0/0service  [ scpd ]action   acceptpriority 0
!
system settings ip-receive-acl 10.31.40.24/32service  [ scpd ]action   acceptpriority 5

!

Static route

system routes route 102.0.0.0 24gateway 192.168.0.2

 

TACACS

aaa authentication tacacstacacs-server host 172.19.156.179key                     7encrypted-shared-secret cisco123admin-priv              15oper-priv               14
!

 

Banner

banner-motd banner "Banner for vBranch"

Message of the Day (MOTD)

banner-motd motd "MOTD for vBranch"

SNMP

nfvis-snmp:snmp enable traps linkUp
nfvis-snmp:snmp enable traps linkDown
nfvis-snmp:snmp community test
snmpcommunity-access readOnly
!
nfvis-snmp:snmp group snmpgroupv1 snmp 1 noAuthNoPrivread testwrite testnotify test
!
nfvis-snmp:snmp group snmpgroupv2 snmp 2 noAuthNoPrivread testwrite testnotify test
!
nfvis-snmp:snmp group snmpgroupv3 snmp 3 authPrivread testwrite testnotify test
!
nfvis-snmp:snmp user testerv1user-version 1user-group snmpgroupv1
!
nfvis-snmp:snmp user testerv2user-version 2user-group snmpgroupv2
!
nfvis-snmp:snmp user testerv3user-version 3user-group snmpgroupv3auth-protocol sha passphrase cisco123priv-protocol aes passphrase cisco123
!
nfvis-snmp:snmp host SNMP-SERVER-57host-port 161host-ip-address 172.19.149.57host-version 3host-security-level authPrivhost-user-name testerv3
!
nfvis-snmp:snmp host SNMP-SERVER-179host-port 161host-ip-address 172.19.156.179host-version 1host-security-level noAuthNoPrivhost-user-name testerv1
!
nfvis-snmp:snmp host SNMP-SERVER-229host-port 161host-ip-address 172.25.221.229host-version 2host-security-level noAuthNoPrivhost-user-name testerv2
!

 

Default gateway

system settings default-gw 172.25.217.1

ENCS switch configurations: port-channel, track-state, speed, duplex and QoS

switchinterface gigabitEthernet1/0track-state ISRv 3
!
interface gigabitEthernet1/1speed 100duplex full
!
interface gigabitEthernet1/2channel-group 1 mode auto
!
interface gigabitEthernet1/3channel-group 1 mode auto!interface gigabitEthernet1/4qos cos 3
!
interface port-channel1spanning-tree mst 1 cost 200000000spanning-tree mst 2 cost 200000000switchport mode trunkno switchport trunk allowedswitchport trunk allowed vlan vlan-range 100,126-128!qos port ports-trustedqos trust cos-dscpspanning-tree mode mstspanning-tree mst 2 priority 61440spanning-tree mst configurationname mst_LANinstance 1 vlan 996-998instance 2 vlan 100,126-128!

Single IP Address Sharing between NFVIS and the Router VM

single-ip-mode vm-name deployment-ROUTER_1. deployment-ROUTER_1

 

Add Global Parameters for AAA, NTP and Logging settings

Spoiler

Important Note:

Only Cisco AAA, Cisco NTP and Cisco Logging under CEDGE section are supported for NFVIS/ENCS device. Please DO NOT configure for other options in the pull-down menu.

This is also applicable to cEdge system.

 

Open vManage UI and goto “Configuration” -> “Network Design” -> click “Manage Network Design” -> click “Global Parameters” -> in pull-down menu, goto “CEDGE” section

  • Click “Cisco NTP” to configure NTP server(s) for ENCS
    • Note: NFVIS only supports one primary NTP server and one backup NTP server
  • Click “Cisco Logging” to configure syslog server(s) for ENCS
    • Note: NFVIS only supports up to 4 syslog servers
  • Click “Cisco AAA” to configure users
    • Note: vManage only support “Local Users” for now. For TACACS and RADIUS users, please use Add-On CLI Configuration to configure the advanced features on NFVIS.
    • Note: Default admin password is admin
    • Note: Only support administrator (privilege = 15) and operator (privilege = 1) roles

Deploy 

Attach devices to a design template and drive deploy services

Spoiler

Reference: https://sdwan-docs.cisco.com/Product_Documentation/vManage_Help/Release_18.4/Configuration/Network_Design#Attach.2C_Detach.2C_Export.2C_Update_Device_Profiles

 

This chapter is to show how to create network design template for ENCS-5400 device-model in vManage Network Design flow.

 

  • Open vManage UI and goto “Configuration” -> “Network Design” -> click “Attach Device”
  • Click on the device -> click “Attach Devices”
  • In the pop-up window on the left panel “Available Devices”, highlight and select device(s) -> click arrow button and move to right panel “Selected Devices” -> click “Attach”
  • In the “Device Variable” page, click “…” on the right-most of the device entry -> click “Edit Device Template”
  • Fill out all required values for variables -> click “Update”
  • Optional: Strongly recommend to click Arror Down button on the right hand side and save CSV file for the future.
  • Click “Next” to Preview page -> highlight the device -> review the full configuration -> click “Configure Devices”
  • Check “Task” on the top-right corner of vManage UI
  • 1st Task is to push template and scheduled
  • 2nd Task is “VNF Install” to download VNF package(s) to the device
    • Note: This task may take some time due to file size and network quality
  • After full vBranch workflow is done. Check “Configuration” -> “Network Design” -> on the device, a GREEN check mark should show up
  • Goto “Configuration” -> “Device” -> Check ENCS device Hostname, System IP, Site ID, Mode, Assigned Template and Device Status

 

DONE. vBranch workflow is complete and branch service is running.

Operate

Manage and Monitor device