kramesh
Cisco Employee

This document provides step-by-step instructions for getting started with the CSP5000 series platform.

The following is a quick overview of the hardware ports and best practices for getting started.

These are the key considerations when transitioning from CSP-OS to NFVIS on the CSP5000 platform:
- Configuration inside the VM (on the CSP-OS host) may need to be saved offline and restored on the new VM (on the NFVIS host).
- In a CSP-OS system, hyperthreading is disabled by default. NFVIS allows VMs to be deployed in CPU sharing mode; this requires hyperthreading to be enabled in the CIMC configuration, as documented in the CIMC settings screenshots.

 

 

[Figure: CIMC and Management ports]

 

Verify / Upgrade platform management software (CIMC, etc.)

Refer to the NFVIS release notes for the validated CIMC and BIOS versions.
https://www.cisco.com/c/en/us/td/docs/routers/nfvis/release_notes/4-7/cisco-enterprise-nfvis-release-notes-4-7.html

 

[Figure: Verify CIMC BIOS version]



If the CIMC and BIOS versions on the current system do not match the release notes recommendation, use the following procedure to update the CIMC and BIOS versions and firmware.

As a first step, configure the boot order. This ensures that the Host Upgrade Utility mapped in the next step is used for the CIMC and BIOS update.

[Figure: Boot from Host Upgrade Utility iso]

[Figure: Upgrade CIMC and BIOS using HUU iso]

[Figure: Host Upgrade Utility menu]

[Figure: Activate CIMC upgrade]

Install NFVIS

NFVIS software can be downloaded from the Cisco Software Downloads site.
https://software.cisco.com/download/home/286308649/type/286309317/release/4.7.1
Choose Cisco_NFVIS-4.7.1-FC4.iso
An upgrade from release N to N+2 can also be done with the same .iso, using the NFVIS GUI (Operations->Upgrade).

[Figure: Install NFVIS from virtual CDROM]

nfvis login: console (automatic login)


Cisco Network Function Virtualization Infrastructure Software (NFVIS)

NFVIS Version: 4.7.1-FC4

Copyright (c) 2015-2022 by Cisco Systems, Inc.
Cisco, Cisco Systems, and Cisco Systems logo are registered trademarks of Cisco
Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

The copyrights to certain works contained in this software are owned by other
third parties and used and distributed under third party license agreements.
Certain components of this software are licensed under the GNU GPL 2.0, GPL 3.0,
LGPL 2.1, LGPL 3.0 and AGPL 3.0.

login: [ 339.195378] device int-mgmt-net-br entered promiscuous mode

login: admin
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
admin@localhost's password:


Cisco Network Function Virtualization Infrastructure Software (NFVIS)

NFVIS Version: 4.7.1-FC4

Copyright (c) 2015-2022 by Cisco Systems, Inc.
Cisco, Cisco Systems, and Cisco Systems logo are registered trademarks of Cisco
Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

The copyrights to certain works contained in this software are owned by other
third parties and used and distributed under third party license agreements.
Certain components of this software are licensed under the GNU GPL 2.0, GPL 3.0,
LGPL 2.1, LGPL 3.0 and AGPL 3.0.


admin connected from ::1 using ssh on nfvis
admin logged with default credentials
Please provide a password which satisfies the following criteria:
1.At least one lowercase character
2.At least one uppercase character
3.At least one number
4.At least one special character from # _ - * ?
5.Length should be between 7 and 128 characters
Please reset the password :xxxxxxxx
Please reenter the password :xxxxxxxx


Resetting admin password


New admin password is set

nfvis#
System message at 2022-02-01 21:58:02...
Commit performed by system via system using system.
nfvis# config t
Entering configuration mode terminal
nfvis(config)# system settings mgmt ip address 10.29.43.224 255.255.255.0
nfvis(config)# bridges bridge wan-br
nfvis(config-bridge-wan-br)# no dhcp
nfvis(config-bridge-wan-br)# system settings default-gw 10.29.43.1
nfvis(config)# commit
Commit complete.
nfvis(config)# end

Access NFVIS GUI and Deploy VM

 

Log in to the management GUI using the MGMT IP address configured.

Configuration->Virtual Machine->Images->Image Repository

The C8000v VM package for NFVIS is published on the Cisco Software Downloads site.
https://software.cisco.com/download/home/286327102/type/282046477/release/Cupertino-17.7.1a
Cisco Catalyst 8000V IOS XE Universal - Crypto 8G Serial TAR

For other VMs, create the VM package using the following instructions.
https://community.cisco.com/t5/networking-documents/step-by-step-how-to-create-a-vm-package-for-nfvis/ta-p/3732265

[Figure: Upload and Register Image]

 

Configuration->Virtual Machine->Networking->Networks

Create the networks required for vNIC connections during VM deployment. The following is an example where a mgmt-net is created and the same physical port used for NFVIS management is also used for VM management.

NFVIS supports two modes of VLAN treatment. Use the Networking tab in the GUI to set either of the following.
1. OVS or SRIOV network configured in trunk mode with allowed VLANs:
In this configuration, dot1q VLAN-tagged packets from/to the VM are passed through the interface.
2. OVS or SRIOV network configured in access mode with a specific VLAN:
This configuration is used when the hypervisor is expected to add/remove the VLAN tag on behalf of the VM.
Note: When using a non-IOS XE VM on an NFVIS system, particularly in SRIOV mode, we recommend that interop testing be performed prior to an NFVIS upgrade. Interop testing verifies that the SRIOV NIC driver in the VM works with NFVIS at the newer software versions (VM and NFVIS).

[Figure: Add Network]

[Figure: Verify Network]

 

Configuration->Deploy

[Figure: VNF Deploy]

Configuration->Virtual Machine->Manage

[Figure: VNF Manage]

Migration Steps from CSPOS to NFVIS on CSP5000 platform

1. CSPOS and VM configuration backup
2. Create VNF packages with device specific bootstrap configuration for every device
3. Provision CSP5000 NFVIS platform 1..N
    a. Install NFVIS 4.7.1FC4 (or latest) using CIMC
    b. Configure management IP, netmask, Default gateway using CIMC kvm console
    c. Upload the device specific VNF image package(s), using NFVIS local UI
    d. Provision the device with equivalent NFVIS configuration via SSH CLI. Verify deployment via local UI.

NFVIS vs CSP-OS comparison Table

| | CSP-OS | NFVIS | Comments |
|---|---|---|---|
| BIOS | Requires hyper-threading OFF | Supports hyper-threading | NFVIS - Can set dedicated cores per VNF if needed |
| MGMT | Individual Port | Individual Port | |
| MGMT | Supports Port-channel | Supports Port-channel | LACP Active; Bond Mode Balance-slb |
| SRIOV | Supports SRIOV | Supports SRIOV | |
| Default numvfs | 0 VFs; SRIOV needs to be enabled, numvfs and VEPA/VEB mode selected | 4 VFs, SRIOV enabled on PNICs that support it. VEB is default | Is VEPA mode supported? Not in Branch software |
| Modify numvfs | Delete all services, disable SRIOV, change numVFs and switchmode, enable SRIOV | Delete all services, disable SRIOV, change numVFs and switchmode, enable SRIOV | Large number of unused VFs clutters GUI in NFVIS |
| VNIC to PNIC connection | CSP VNIC directly connects to SRIOV PNIC, VF is automatically assigned and no specific network needs to be created | NFVIS requires a network. So PNIC, to VFs, each VF is assigned to a network | Assign numvfs, create numvf number of unique networks. These networks exist even if they are unused. |
| VF with VLAN | CSP dynamically assigns VLAN to VF | NFVIS – Network needs to be set up with VLAN and then used for the VF | |
| VM creation | CSP-OS creation does not require a flavor, everything a VNF needs can be specified during creation | NFVIS requires a Flavor (CPU/MEM/DISK etc). And then the individual VNICs are created and connected to networks | Needed Networks need to exist |
| Day0 file (Copy Paste) | Can be cut and pasted dynamically if needed | Can be cut and pasted dynamically if needed | |
| Multiple Day0 file bootstrap as a file | Multiple Day0 files can be added as part of deployment. CSP-OS takes care of bundling and creating an ISO image | Multiple Day0 files need to be added as part of a package creation process. | Refer: Examples for VM Deployment Payload with Bootstrap Configuration Options, https://www.cisco.com/c/en/us/td/docs/routers/nfvis/user_guide/b-api-reference-for-cisco-enterprise-nfvis/b-api-reference-for-cisco-enterprise-nfvis_chapter_01.html |

CSP-OS to NFVIS Migration considerations

When migrating from CSP-OS to NFVIS, migration steps 3b, 3c and 3d above require the following NFVIS configurations. Also refer to the CSP-OS and NFVIS comparison table above for differences in the relevant configuration sections.

NFVIS – Day-1 setup

Create a Port-Channel (PNIC)

TEST-NFVI(config)# pnic TEST

Possible completions:

  adminstatus   Admin configured status for a physical interface

  duplex        interface duplex

  lldp          lldp is enabled or not for this interface

  member_of     pnic name this pnic is a member of

  promiscuous   promiscuous mode is enabled or not for this interface

  speed         interface configurational speed

  sriov         SR-IOV configuration

  track-state   Notify state change of PNIC to the configured VMs VNICs

  type          pnic type

  <cr>

 

TEST-NFVI(config)# pnic MGMT_PC type port_channel lacp_type active bond_mode balance-tcp trunks 9 lldp enabled adminstatus up

Add Members to Port-channel (PNIC)

In this example, eth0-1 and eth0-2 are added to the port-channel. They are already part of a bridge network, so they must be removed from that bridge before being added to the port-channel.

 

Remove from Network

TEST-NFVI(config)# bridges bridge wan-br

TEST-NFVI(config-bridge-wan-br)# no port eth0-1

 

TEST-NFVI(config)# bridges bridge lan-br

TEST-NFVI(config-bridge-lan-br)# no port eth0-2

 

Add to PNIC (Port-Channel)

TEST-NFVI(config)# pnic eth0-1

TEST-NFVI(config-pnic-eth0-1)# member_of MGMT_PC

 

TEST-NFVI(config)# pnic eth0-2

TEST-NFVI(config-pnic-eth0-2)# member_of MGMT_PC

 

 

Show Commands PNIC

TEST-NFVI# show running-config pnic MGMT_PC

pnic MGMT_PC

 type      port_channel

 bond_mode balance-tcp

 trunks    9

 lacp_type active

!

TEST-NFVI# show running-config pnic eth0-1

pnic eth0-1

 member_of MGMT_PC

 sriov numvfs 2

 lldp      enabled

!

TEST-NFVI# show running-config pnic eth0-2

pnic eth0-2

 member_of MGMT_PC

 sriov numvfs 2

 lldp      enabled

!

 

Create the network bridge MGMT_BR

Create a bridge, assign the port-channel pnic MGMT_PC as a port, assign a VLAN (9 in our case) and an IP address/mask.

 

TEST-NFVI(config)# bridges bridge MGMT_BR

TEST-NFVI(config-bridge-MGMT_BR)# vlan 9

TEST-NFVI(config-bridge-MGMT_BR)# port MGMT_PC

TEST-NFVI(config-bridge-MGMT_BR)# ip address 10.10.10.25 255.255.255.0

 

Show commands (Bridges)

TEST-NFVI# show running-config bridges

bridges bridge wan-br

!

bridges bridge lan-br

 ip address 192.168.1.2 255.255.255.0

!

bridges bridge MGMT_BR

 ip address 9.9.9.37 255.255.0.0

 vlan 9

 port MGMT_PC

 !

!

ANOMALY – lldp with Port-channel bond-mode

TEST-NFVI(config)# pnic HA-A type port_channel lacp_type active bond_mode

Possible completions:

  active-backup  balance-slb  balance-tcp

TEST-NFVI(config)# pnic HA-A type port_channel lacp_type active bond_mode balance-slb tr

Possible completions:

  track-state   Notify state change of PNIC to the configured VMs VNICs

  trunks        define vlan trunks.

TEST-NFVI(config)# pnic HA-A type port_channel lacp_type active bond_mode balance-tcp

Possible completions:

  adminstatus   Admin configured status for a physical interface

  lldp          lldp is enabled or not for this interface

  track-state   Notify state change of PNIC to the configured VMs VNICs

  trunks        define vlan trunks.

  <cr>

 

Configure Default Gateway (System Settings)


system settings default-gw 9.9.9.1

system settings hostname TEST-NFVI

 

show / set system settings

TEST-NFVI(config)# system settings

Possible completions:

  cimc-access        Configure CIMC access through NFVIS on ENCS-5400 platform

  default-gw         Default gateway

  default-gw-ipv6    Default gateway for ipv6 address

  disk-space         Configurations for system disk space

  dns-server         List of DNS servers, max 3 can be configured

  domain             domain

  dpdk               enable dpdk support on service bridges

  hostname           hostname - range (1-58); must begin with letter or digit; can

                     contain alphabets, numbers and hyphen

  ip-receive-acl     ACL for managing interface group

  logging            Logging configuration

  mgmt               Management IP address configuration

  name-server

  source-interface   Source IP address configuration for originating traffic

  wan                Wan NFVIS management configuration

SRIOV (set up)


Default state of SRIOV Ports

 

TEST-NFVI# show running-config pnic eth1-2

pnic eth1-2

 sriov numvfs 4

!

 

TEST-NFVI# show running-config networks network | include eth1-2

networks network eth1-2-SRIOV-1

networks network eth1-2-SRIOV-2

networks network eth1-2-SRIOV-3

networks network eth1-2-SRIOV-4

 

TEST-NFVI# show pnic eth1-2 sriov

sriov sriov-support true

sriov maxvfs    61

sriov numvfs-onsystem 4

sriov inusevfs  4

sriov status    enabled

 

Explanation

Every port capable of supporting SRIOV is initialized with the maxvfs supported by the hardware, has 4 VFs enabled by default, and has 4 SRIOV networks created, one associated with each VF.

How to dynamically add more VFs to a default system port

Take a port such as eth1-2 (an x520 in this example).

Delete ALL <pnic_name>-SRIOV-<num> networks

TEST-NFVI(config)# no networks network eth1-2-SRIOV-1

TEST-NFVI(config)# no networks network eth1-2-SRIOV-2

TEST-NFVI(config)# no networks network eth1-2-SRIOV-3

TEST-NFVI(config)# no networks network eth1-2-SRIOV-4

 

Disable SRIOV on the PNIC

 

TEST-NFVI(config)# no pnic eth1-2 sriov

 

 

 

TEST-NFVI(config)# end

TEST-NFVI# show running-config pnic eth1-2

pnic eth1-2

 sriov numvfs 4

!

TEST-NFVI# config t

Entering configuration mode terminal

TEST-NFVI(config)# no networks network eth1-2-SRIOV-1

TEST-NFVI(config)# no networks network eth1-2-SRIOV-2

TEST-NFVI(config)# no networks network eth1-2-SRIOV-3

TEST-NFVI(config)# no networks network eth1-2-SRIOV-4

TEST-NFVI(config)# no pnic eth1-2 sriov

TEST-NFVI(config)# commit

Commit complete.

TEST-NFVI(config)# do show running-config pnic eth1-2

pnic eth1-2

!

Enable SRIOV on PNIC

 

TEST-NFVI(config)# pnic eth1-2

TEST-NFVI(config-pnic-eth1-2)# sriov numvfs 10

TEST-NFVI(config-pnic-eth1-2)# commit

Commit complete.

 

Show commands

TEST-NFVI# show running-config pnic eth1-2

pnic eth1-2

 sriov numvfs 8

!

 

Create Networks

Steps to create SRIOV networks

  • PNIC must have SRIOV enabled and be configured with numvfs
  • SRIOV network name format: <pnic_name>-SRIOV-<num>
    • <pnic_name>: must be valid PNIC name
    • <num>: must be greater than 0 and less than numvfs

 

TEST-NFVI# config t

Entering configuration mode terminal

TEST-NFVI(config)# networks network eth1-2-SRIOV-1 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-1)# networks network eth1-2-SRIOV-2 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-2)# networks network eth1-2-SRIOV-3 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-3)# networks network eth1-2-SRIOV-4 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-4)# networks network eth1-2-SRIOV-5 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-5)# networks network eth1-2-SRIOV-6 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-6)# networks network eth1-2-SRIOV-7 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-7)# networks network eth1-2-SRIOV-8 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-8)# commit

Commit complete.

 

Show Commands (networks network)

 

TEST-NFVI# show running-config networks network | include eth1-2

networks network eth1-2-SRIOV-1

networks network eth1-2-SRIOV-2

networks network eth1-2-SRIOV-3

networks network eth1-2-SRIOV-4

networks network eth1-2-SRIOV-5

networks network eth1-2-SRIOV-6

networks network eth1-2-SRIOV-7

networks network eth1-2-SRIOV-8

 

 

TEST-NFVI# show running-config pnic eth1-2

pnic eth1-2

 sriov numvfs 10

!

TEST-NFVI# show pnic eth1-2 sriov

sriov sriov-support true

sriov maxvfs    61

sriov numvfs-onsystem 10

sriov inusevfs  8

sriov status    enabled

TEST-NFVI#
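
The numvfs change procedure above as a command planner, added here as an example (it is not Cisco tooling or part of the original document): it parses the two show outputs, checks the target against maxvfs and the page's naming rule, and emits the CLI commands in the order the session above ran them. The function names and the attached parameter (names of networks still used by deployed VMs, supplied by the caller) are assumptions of this example.

```python
import re

# Constructed inputs: the two "show" outputs for eth1-2 in its default state,
# as they appear earlier on this page (blank lines removed).
SHOW_SRIOV = """\
sriov sriov-support true
sriov maxvfs    61
sriov numvfs-onsystem 4
sriov inusevfs  4
sriov status    enabled
"""
SHOW_NETWORKS = """\
networks network eth1-2-SRIOV-1
networks network eth1-2-SRIOV-2
networks network eth1-2-SRIOV-3
networks network eth1-2-SRIOV-4
"""


def parse_sriov_status(text):
    """Turn 'show pnic <name> sriov' output into {field: int or str}."""
    status = {}
    for line in text.splitlines():
        m = re.match(r"\s*sriov\s+(\S+)\s+(\S+)\s*$", line)
        if m:
            key, value = m.groups()
            status[key] = int(value) if value.isdigit() else value
    return status


def parse_sriov_networks(text, pnic):
    """Return the pnic's SRIOV network names, ordered by their <num> suffix."""
    pattern = re.compile(
        r"networks network (%s-SRIOV-(\d+))\s*$" % re.escape(pnic))
    found = []
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            found.append((int(m.group(2)), m.group(1)))
    return [name for _, name in sorted(found)]


def plan_numvfs_change(pnic, sriov_text, networks_text, numvfs, networks,
                       attached=()):
    """Build the ordered CLI commands that set `numvfs` on `pnic` and create
    `networks` SRIOV networks. Raises ValueError if a precondition fails.

    attached: hypothetical caller-supplied names of networks still used by
    deployed VMs (the comparison table says all services are deleted first).
    """
    status = parse_sriov_status(sriov_text)
    if status.get("sriov-support") != "true":
        raise ValueError("%s does not report SRIOV support" % pnic)
    maxvfs = status.get("maxvfs", 0)
    if not 0 < numvfs <= maxvfs:
        raise ValueError("numvfs must be between 1 and %d" % maxvfs)
    # Rule stated on this page: <num> is greater than 0 and less than numvfs.
    if not 0 < networks < numvfs:
        raise ValueError("network count must be between 1 and %d" % (numvfs - 1))

    existing = parse_sriov_networks(networks_text, pnic)
    in_use = set(attached)
    busy = [name for name in existing if name in in_use]
    if busy:
        raise ValueError("delete the services using: " + ", ".join(busy))

    cmds = ["config t"]
    cmds += ["no networks network %s" % name for name in existing]
    cmds += ["no pnic %s sriov" % pnic, "commit"]          # disable SRIOV
    cmds += ["pnic %s" % pnic, "sriov numvfs %d" % numvfs, "commit", "end"]
    cmds += ["config t"]
    cmds += ["networks network %s-SRIOV-%d sriov true" % (pnic, i)
             for i in range(1, networks + 1)]
    cmds += ["commit", "end"]
    return cmds


if __name__ == "__main__":
    for cmd in plan_numvfs_change("eth1-2", SHOW_SRIOV, SHOW_NETWORKS, 10, 8):
        print(cmd)
```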

APPENDIX

 

Additional show commands

 

System Networks

TEST-NFVI# show system networks

                                                                            RX       TX       RX         RX         TX                             RX

                                                  RX     TX     RX    TX    UNICAST  UNICAST  MULTICAST  BROADCAST  BROADCAST  RX        TX        UNKNOWN   TX

NETWORK         BRIDGE  PORTS  TYPE         VLAN  BYTES  BYTES  PKTS  PKTS  PKTS     PKTS     PKTS       PKTS       PKTS       DISCARDS  DISCARDS  PROTOCOL  ERRORS

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

wan-net         wan-br  N/A    openvswitch  N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

lan-net         lan-br  N/A    openvswitch  N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth0-1-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth0-1-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth0-2-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth0-2-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth2-1-SRIOV-1  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-1-SRIOV-2  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-1-SRIOV-3  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-1-SRIOV-4  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-2-SRIOV-1  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-2-SRIOV-2  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-2-SRIOV-3  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-2-SRIOV-4  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-3-SRIOV-1  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-3-SRIOV-2  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-3-SRIOV-3  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-3-SRIOV-4  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-4-SRIOV-1  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-4-SRIOV-2  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-4-SRIOV-3  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-4-SRIOV-4  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth3-1-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth3-1-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth3-2-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth3-2-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth3-3-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth3-3-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-3  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-4  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-5  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-6  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-7  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-8  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-3  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-4  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-5  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-6  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-7  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-8  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

Platform detail

 

TEST-NFVI# show platform-detail

platform-detail hardware_info Manufacturer "Cisco Systems Inc"

platform-detail hardware_info PID CSP-2100-X1

platform-detail hardware_info SN FCH2223V1WB

platform-detail hardware_info hardware-version 74-12419-02

platform-detail hardware_info UUID 3c415cca-35cd-0a40-b32a-1730d6170519

platform-detail hardware_info Version 4.7.1-FC4

platform-detail hardware_info Compile_Time "Tuesday, December 07, 2021 [19:50:13 PST]"

platform-detail hardware_info CPU_Information "Intel(R) Xeon(R) CPU E5-2698 v4 @ 2.20GHz 40 cores"

platform-detail hardware_info Memory_Information "263915752 kB"

platform-detail hardware_info Disk_Size "4796 GB"

platform-detail hardware_info CIMC_IP NA

platform-detail hardware_info Entity-Name ""

platform-detail hardware_info Entity-Desc ""

platform-detail hardware_info BIOS-Version C220M4.4.1.1c.0.1113190848

platform-detail hardware_info CIMC-Version 4.1(1f)

platform-detail software_packages Kernel_Version 3.10.0-1062.4.1.4.el7.x86_64

platform-detail software_packages QEMU_Version 2.12.0

platform-detail software_packages LibVirt_Version 4.5.0

platform-detail software_packages OVS_Version 2.11.4

platform-detail switch_detail UUID NA

platform-detail switch_detail Type NA

platform-detail switch_detail Name NA

platform-detail switch_detail Ports 0

                                                                      PCI

NAME    TYPE      MEDIA         LINK  SPEED  MTU   MAC                DETAIL

-------------------------------------------------------------------------------

eth0-1  physical  Twisted Pair  up    1000   9216  a0:93:51:f4:b6:40  01:00.0

eth0-2  physical  Twisted Pair  up    1000   9216  a0:93:51:f4:b6:41  01:00.1

eth1-1  physical  Fibre         up    10000  9216  90:e2:ba:fb:93:e4  07:00.0

eth1-2  physical  Fibre         down  0      9216  90:e2:ba:fb:93:e5  07:00.1

eth2-1  physical  Fibre         up    10000  9216  3c:fd:fe:bd:99:28  81:00.0

eth2-2  physical  Other         down  0      9216  3c:fd:fe:bd:99:29  81:00.1

eth2-3  physical  Fibre         up    10000  9216  3c:fd:fe:bd:99:2a  81:00.2

eth2-4  physical  Other         down  0      9216  3c:fd:fe:bd:99:2b  81:00.3

eth3-1  physical  Twisted Pair  down  0      9216  a0:93:51:fe:e8:50  04:00.0

eth3-2  physical  Twisted Pair  down  0      9216  a0:93:51:fe:e8:51  04:00.1

eth3-3  physical  Twisted Pair  down  0      9216  a0:93:51:fe:e8:52  04:00.2

eth3-4  physical  Twisted Pair  down  0      9216  a0:93:51:fe:e8:53  04:00.3

Ethtool


TEST-NFVI# support show ethtool driver eth1-2

Driver information for device: eth1-2

driver: ixgbe

version: 5.3.7-4 CISCO-UCS

firmware-version: 0x800008a4, 0.385.33

expansion-rom-version:

bus-info: 0000:07:00.1

supports-statistics: yes

supports-test: yes

supports-eeprom-access: yes

supports-register-dump: yes

supports-priv-flags: yes

OVS commands


TEST-NFVI# support ovs vsctl show

95bd961a-4b0b-47b7-a0b6-6025a36b55c6

    Bridge wan-br

        Port wan-br

            Interface wan-br

                type: internal

    Bridge int-mgmt-net-br

        Port int-mgmt-net-br

            Interface int-mgmt-net-br

                type: internal

    Bridge MGMT_BR

        Port bond-MGMT_PC

            Interface "eth0-2"

            Interface "eth0-1"

        Port "eth0-2_ll1"

            Interface "eth0-2_ll1"

        Port "eth0-1_ll1"

            Interface "eth0-1_ll1"

        Port MGMT_BR

            tag: 9

            Interface MGMT_BR

                type: internal

    Bridge lan-br

        Port lan-br

            Interface lan-br

                type: internal

    ovs_version: "2.11.4"

REST API Examples:

Launch a VNF C8000v with pre-created Flavor and day0-config

# -k skips TLS certificate verification; the admin password is passed inline on the command line.
curl -k -v -u "admin:Cisco123#" -H "Accept:application/vnd.yang.data+json" -H "Content-Type:application/vnd.yang.data+json" -X POST https://9.9.9.37/api/config/vm_lifecycle/tenants/tenant/admin/deployments --data \
'
{
  "deployment": [
    {
      "name": "TEST_C8000",
      "vm_group": [
        {
          "name": "TEST_C8000",
          "image": "c8000v-universalk9_16G_vga.17.05.01a.qcow2",
          "flavor": "C8000v-TEST",
          "vim_vm_name": "TEST_C8000",
          "bootup_time": -1,
          "recovery_wait_time": 0,
          "interfaces": {
            "interface": [
              {
                "nicid": 0,
                "model": "virtio",
                "network": "wan-net"
              },
              {
                "nicid": 1,
                "model": "virtio",
                "network": "eth3-4-SRIOV-1"
              },
              {
                "nicid": 2,
                "model": "virtio",
                "network": "eth3-4-SRIOV-2"
              }
            ]
          },
          "config_data": {
            "configuration": [
              {
                "dst": "iosxe_config.txt",
                "data": "hostname TEST-9.9.165.178\nlicense smart enable\nusername admin privilege 15 password admin\n!\nenable secret admin\nip vrf mgmt\n  description management\nexit\nip domain name cisco.com\ncrypto key generate rsa modulus 1024\nip name-server vrf mgmt 171.70.168.183\n!\ninterface GigabitEthernet1\n  description VR_MANAGEMENT_INTERFACE\n  ip vrf forwarding mgmt\n  ip address 9.9.165.178 255.255.0.0\n  negotiation auto\n  no shut\nexit\nline pro 0\n  exec-timeout 30 0\nexit\nline con 0\n  stopbits 1\nline vty 0 4\n  privilege level 15\n  password 7 01100F175804575D72\n  login local\n  transport input all\nexit\nline vty 5 15\n  privilege level 15\n  login local\n  transport input ssh\nexit\nip tftp source-interface GigabitEthernet1\nip ssh source-interface GigabitEthernet1\nip ssh version 2\nip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr\nip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr\nip route vrf mgmt 0.0.0.0 0.0.0.0 9.9.9.1\nno ip ssh stricthostkeycheck\n!\n\n\nip http client source-interface GigabitEthernet1\n\n\n!\n"
              }
            ]
          },
          "scaling": {
            "min_active": 1,
            "max_active": 1
          },
          "placement": [
            {
              "type": "zone_host",
              "host": "datastore1"
            }
          ],
          "recovery_policy": {
            "action_on_recovery": "REBOOT_ONLY"
          }
        }
      ]
    }
  ]
}
'
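
A pre-deployment check for the day0 text carried in a deployment payload like the one above, added here as an example (it is not part of the original document or of any Cisco tool): it extracts each config_data file and flags settings that weaken the VNF's management plane. The rule names, the 2048-bit RSA threshold and the abbreviated sample payload are assumptions of this example.

```python
import json
import re

CRED = re.compile(r"\b(password|secret)\s+(?:(\d)\s+)?(\S+)\s*$")
RSA = re.compile(r"^crypto key generate rsa\b.*\bmodulus\s+(\d+)")
USER = re.compile(r"^username\s+(\S+)")
TELNET = re.compile(r"^transport input\b.*\b(all|telnet)\b")
MIN_RSA_BITS = 2048  # threshold chosen for this example

RULES = {
    "type7-password": "type 7 is reversible obfuscation, not a hash",
    "cleartext-password": "'password' stores the value unhashed; use 'secret'",
    "credential-equals-username": "credential is the same string as a username",
    "weak-rsa-modulus": "SSH host key modulus below %d bits" % MIN_RSA_BITS,
    "telnet-enabled": "vty line accepts Telnet",
    "ssh-hostkey-check-disabled": "SSH client strict host key check turned off",
}

# Constructed sample: a shortened version of the day0 text in the payload above.
DAY0 = "\n".join([
    "hostname TEST-9.9.165.178",
    "username admin privilege 15 password admin",
    "enable secret admin",
    "crypto key generate rsa modulus 1024",
    "line vty 0 4",
    "  password 7 01100F175804575D72",
    "  transport input all",
    "line vty 5 15",
    "  transport input ssh",
    "no ip ssh stricthostkeycheck",
])
SAMPLE_PAYLOAD = json.dumps({"deployment": [{"name": "TEST_C8000", "vm_group": [
    {"name": "TEST_C8000", "config_data": {"configuration": [
        {"dst": "iosxe_config.txt", "data": DAY0}]}}]}]})


def _as_list(node):
    """Accept both the list form and the single-object form of a YANG list."""
    return node if isinstance(node, list) else [node]


def extract_day0(payload):
    """Return [(dst, text)] for every day0 file in a deployment payload."""
    files = []
    for dep in _as_list(payload.get("deployment", [])):
        for group in _as_list(dep.get("vm_group", [])):
            for item in group.get("config_data", {}).get("configuration", []):
                files.append((item.get("dst", "?"), item.get("data", "")))
    return files


def audit_config(text):
    """Return [(line_number, rule_id)] for weak settings in IOS XE config text."""
    lines = [line.strip() for line in text.splitlines()]
    usernames = set()
    for line in lines:
        m = USER.match(line)
        if m:
            usernames.add(m.group(1))
    findings = []
    for number, line in enumerate(lines, 1):
        cred = CRED.search(line)
        if cred:
            keyword, enc_type, value = cred.groups()
            if enc_type == "7":
                findings.append((number, "type7-password"))
            elif enc_type in (None, "0"):       # value is given in clear text
                if keyword == "password":
                    findings.append((number, "cleartext-password"))
                if value in usernames:
                    findings.append((number, "credential-equals-username"))
        rsa = RSA.match(line)
        if rsa and int(rsa.group(1)) < MIN_RSA_BITS:
            findings.append((number, "weak-rsa-modulus"))
        if TELNET.match(line):
            findings.append((number, "telnet-enabled"))
        if line == "no ip ssh stricthostkeycheck":
            findings.append((number, "ssh-hostkey-check-disabled"))
    return findings


def audit_payload(raw_json):
    """Audit every day0 file in a JSON payload; return [(dst, line, rule_id)]."""
    report = []
    for dst, text in extract_day0(json.loads(raw_json)):
        report += [(dst, number, rule) for number, rule in audit_config(text)]
    return report


if __name__ == "__main__":
    for dst, number, rule in audit_payload(SAMPLE_PAYLOAD):
        print("%s:%d %s (%s)" % (dst, number, rule, RULES[rule]))
```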

Enable SRIOV on a PNIC

 

curl -s -k  -u admin:Cisco123# -H Accept:application/vnd.yang.data+json -H Content-Type:application/vnd.yang.data+json -X POST https://9.9.9.37/api/config/pnics/pnic/eth1-1/sriov --data \
'
{
 "numvfs": 10
}
'

Create 8 networks on PNIC eth1-1

curl -s -k  -u admin:Cisco123# -H Accept:application/vnd.yang.data+json -H Content-Type:application/vnd.yang.data+json -X POST https://9.9.9.37/api/config/networks/ --data \
'
{
    "network": [
      {
        "name": "eth1-1-SRIOV-1",
        "sriov": "true"
      },
      {
        "name": "eth1-1-SRIOV-2",
        "sriov": "true"
      },
      {
        "name": "eth1-1-SRIOV-3",
        "sriov": "true"
      },
      {
        "name": "eth1-1-SRIOV-4",
        "sriov": "true"
      },
      {
        "name": "eth1-1-SRIOV-5",
        "sriov": "true"
      },
      {
        "name": "eth1-1-SRIOV-6",
        "sriov": "true"
      },
      {
        "name": "eth1-1-SRIOV-7",
        "sriov": "true"
      },
      {
        "name": "eth1-1-SRIOV-8",
        "sriov": "true"
      }
    ]
}
'

Create SRIOV network with access VLAN

Find an unused network (an unused VF on an SRIOV PNIC)

Delete the unused Network

curl -s -k  -u admin:Cisco123# -H Accept:application/vnd.yang.data+json -H Content-Type:application/vnd.yang.data+json -X DELETE https://9.9.9.37/api/config/networks/network/eth1-1-SRIOV-6

 

Create a Network with the required parameters

curl -s -k -u admin:Cisco123# -H Accept:application/vnd.yang.data+json -H Content-Type:application/vnd.yang.data+json -X POST https://9.9.9.37/api/config/networks/ --data \
'
{
  "network": [{
    "name": "eth1-1-SRIOV-6",
    "vlan": [200],
    "trunk": false,
    "sriov": true
  }
  ]
}
'

Show the newly created network

 

curl -s -k -u admin:Cisco123# -H Accept:application/vnd.yang.data+json -H Content-Type:application/vnd.yang.data+json -X GET https://9.9.9.37/api/config/networks/network/eth1-1-SRIOV-6
{
  "network:network": {
    "name": "eth1-1-SRIOV-6",
    "vlan": [200],
    "trunk": false,
    "sriov": true
  }
}
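Added example (not from the original post): the delete, create and show steps above as one Python routine. It sends the same requests as the curl commands, but verifies the NFVIS certificate instead of using -k and keeps the password off the command line. The function names are assumptions, and the CA file must be supplied by the operator.

```python
import base64
import json
import ssl
import urllib.request

YANG_JSON = "application/vnd.yang.data+json"  # media type from the page's curl calls


def build_request(host, method, path, user, password, body=None):
    """Build one NFVIS REST request; the credential travels in a header only."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(f"https://{host}{path}", data=data, method=method)
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Accept", YANG_JSON)
    req.add_header("Content-Type", YANG_JSON)
    return req


def recreate_with_vlan(send, host, user, password, name, vlan):
    """Delete an unused SRIOV network, recreate it as an access network, read it back."""
    one = f"/api/config/networks/network/{name}"
    body = {"network": [{"name": name, "vlan": [vlan], "trunk": False, "sriov": True}]}
    send(build_request(host, "DELETE", one, user, password))
    send(build_request(host, "POST", "/api/config/networks/", user, password, body))
    got = json.loads(send(build_request(host, "GET", one, user, password)))["network:network"]
    if got["vlan"] != [vlan] or got["trunk"] or not got["sriov"]:
        raise RuntimeError(f"{name} came back as {got}")
    return got


def tls_sender(ca_file):
    """Return a send() that verifies the NFVIS certificate against ca_file (no -k)."""
    ctx = ssl.create_default_context(cafile=ca_file)

    def send(req):
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return resp.read().decode()
    return send


if __name__ == "__main__":
    # Offline demo: a stand-in sender replays the GET reply shown on the page.
    # Against a real host, pass tls_sender("<CA PEM path>") and read the password with getpass.
    canned = ('{"network:network": {"name": "eth1-1-SRIOV-6", "vlan": [200],'
              ' "trunk": false, "sriov": true}}')
    print(recreate_with_vlan(lambda req: canned, "9.9.9.37", "admin",
                             "constructed-password", "eth1-1-SRIOV-6", 200))
```

Connecting by IP address only verifies if the appliance certificate lists that address; otherwise connect using the hostname on the certificate.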

Create a Package for ASAv

Sample ASAv config file


ASA Version 9.9(2)

!

hostname ASA_NFVIS

!

interface management0/0

 management-only

 description int-mgmt-net

 nameif management

 security-level 100

 ip address 9.9.165.165 255.255.0.0

 no shutdown

!

interface GigabitEthernet0/0

  description failover

  no shutdown

!

interface TenGigabitEthernet0/0

  nameif INSIDE

  security-level 100

  no shutdown

!

interface TenGigabitEthernet0/1

  nameif OUTSIDE

  security-level 0

  no shutdown

!

crypto key generate rsa modulus 2048

 terminal width 511

 !

username admin password admin privilege 15

ssh 0.0.0.0 0.0.0.0 management

!

aaa authentication ssh console LOCAL

aaa authorization exec LOCAL

 

!

route management 0.0.0.0 0.0.0.0 9.9.9.1 1

!

ssh version 2

ssh key-exchange group dh-group14-sha1

!

!

enable password admin

 

debug menu license 25 development

!

dns domain-lookup management

dns name-server 171.70.168.183 173.36.131.10

!

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

timeout conn-holddown 0:00:15

timeout igp stale-route 0:01:10

user-identity default-domain LOCAL

aaa authentication ssh console LOCAL

aaa authorization exec LOCAL

aaa authorization http console LOCAL

aaa authentication login-history

!

policy-map type inspect dns preset_dns_map

 parameters

  message-length maximum client auto

  message-length maximum 512

  no tcp-inspection

policy-map global_policy

 class inspection_default

  inspect ip-options

  inspect netbios

  inspect rtsp

  inspect sunrpc

  inspect tftp

  inspect xdmcp

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect esmtp

  inspect sqlnet

  inspect sip

  inspect skinny

policy-map type inspect dns migrated_dns_map_2

 parameters

  message-length maximum client auto

  message-length maximum 512

  no tcp-inspection

policy-map type inspect dns migrated_dns_map_1

 parameters

  message-length maximum client auto

  message-length maximum 512

  no tcp-inspection

!

license smart

feature tier standard

throughput level 10G

!

call-home

source-interface management

profile CiscoTAC-1

  active

  destination transport-method http

  no destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address http https://sch-alpha.cisco.com/its/service/oddce/services/DDCEService

profile License

  active

  destination transport-method http

  no destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address http https://sch-alpha.cisco.com/its/service/oddce/services/DDCEService

 

clock timezone PST -8

!

!

ip http client source-interface GigabitEthernet1

service internal

service call-home

license smart enable

ip domain lookup

debug menu license 25 development

crypto ca trustpool import url https://www.cisco.com/security/pki/trs/ios_core.p7b
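Added example (not part of the original post and not Cisco tooling): a small Python check to run on a day0 file before it is packaged. It flags the lab-only settings visible in the samples on this page: default credentials, SSH open to any source, SHA-1 key exchange, RSA keys under 2048 bits, vty lines that accept all transports, type 7 passwords and leftover debug commands. The rule names and the deny-list are assumptions.

```python
import re

WEAK_SECRETS = {"admin", "cisco", "password", "changeme"}  # assumed local deny-list

def _weak(m):
    """True when the secret is on the deny-list or equals the username on the line."""
    secret = m.group("s").lower()
    return secret in WEAK_SECRETS or secret == (m.groupdict().get("u") or "").lower()

RULES = [  # (rule id, pattern matched at the start of a stripped line, optional extra check)
    ("weak-login", r"username\s+(?P<u>\S+)\s+(?:privilege\s+\d+\s+)?password\s+(?P<s>\S+)", _weak),
    ("weak-enable", r"enable\s+(?:password|secret)\s+(?P<s>\S+)", _weak),
    ("ssh-from-any", r"ssh\s+0\.0\.0\.0\s+0\.0\.0\.0\s", None),
    ("sha1-kex", r"ssh\s+key-exchange\s+group\s+\S*sha1\b", None),
    ("short-rsa", r"crypto\s+key\s+generate\s+rsa\s+modulus\s+(?P<n>\d+)",
     lambda m: int(m.group("n")) < 2048),
    ("vty-telnet", r"transport\s+input\s+(?:all|telnet)\b", None),
    ("type7-password", r"password\s+7\s+[0-9A-Fa-f]+", None),
    ("debug-left-in", r"debug\s+\S+", None),
]

def audit_day0(text):
    """Return [(line_no, rule_id, line)] for each risky line in a day0 config."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        for rule_id, pattern, check in RULES:
            m = re.match(pattern, line)
            if m and (check is None or check(m)):
                findings.append((no, rule_id, line))
    return findings

# Constructed sample: lines modelled on the two day0 configs on this page
# (the type 7 value is made up)
SAMPLE = """\
username admin password admin privilege 15
ssh 0.0.0.0 0.0.0.0 management
ssh key-exchange group dh-group14-sha1
enable password admin
debug menu license 25 development
crypto key generate rsa modulus 1024
crypto key generate rsa modulus 2048
line vty 0 4
  password 7 0123456789ABCDEF
  transport input all
"""

if __name__ == "__main__":
    for no, rule_id, line in audit_day0(SAMPLE):
        print(f"line {no}: {rule_id}: {line}")
```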

NFVIS – packaging tool


NFVIS – package creation using NFVPT.py

Input

  • day0 config file

  • Qcow2 file

 

CLI command

python nfvpt.py -o asav9-14-1-10 \
-i asav9-14-1-10.qcow2 \
-n ASAv -t FIREWALL -r 9-14-1-10 \
--monitored false --bootstrap  --sriov=true \
day0-config:ASA_MGMT_HARD_CODE.txt \
--min_vcpu 1 --max_vcpu 4 --min_mem 1024 --max_mem 8192 \
--min_disk 8 --max_disk 16 --vnic_max 8 \
--optimize true \
--profile ASAv5,"ASAv5  profile",1,1024,8192 --profile ASAv10,"ASAv10 profile",1,4096,8192 --profile ASAv30,"ASAv30 profile",4,8192,16384 --default_profile ASAv30

Output:

Cisco NFVIS Packaging Tool

 

['tar', '-czf', '/home/admin/NFVIS/NFV_SCRIPTS/asav9-14-1-10.tar.gz', '-C', '/home/admin/NFVIS/NFV_SCRIPTS', 'asav9-14-1-10.qcow2', '-C', '/home/admin/NFVIS/NFV_SCRIPTS', 'ASA_MGMT_HARD_CODE.txt', '-C', '/home/admin/NFVIS/NFV_SCRIPTS', 'image_properties.xml', '-C', '/home/admin/NFVIS/NFV_SCRIPTS', 'package.mf']

 

/NFVIS/NFV_SCRIPTS/TEST$ ls -l

total 410996

-rw-r--r-- 1 admin admin      3141 Feb 21 10:51 ASA_MGMT_HARD_CODE.txt

-rw-r--r-- 1 admin admin 211943424 Feb 21 10:51 asav9-14-1-10.qcow2

-rw-rw-r-- 1 admin admin 208892550 Feb 21 10:59 asav9-14-1-10.tar.gz

-rw-rw-r-- 1 admin admin      1580 Feb 21 10:57 image_properties.xml

-rw-rw-r-- 1 admin admin       697 Feb 21 10:57 package.mf

 

 

Load this package file onto NFVIS: asav9-14-1-10.tar.gz

 

Ensure the required networks are available. In this example they are eth1-1-SRIOV-5 and eth1-1-SRIOV-6.

 

Check Network Availability

TEST-NFVI# show running-config networks network eth1-1-SRIOV-5

networks network eth1-1-SRIOV-5

 vlan  [ 101 ]

 trunk false

 sriov true

!

TEST-NFVI# show running-config networks network eth1-1-SRIOV-6

networks network eth1-1-SRIOV-6

 vlan  [ 200 ]

 trunk false

 sriov true

!

Create Network


If networks with the correct VLANs are not available, create them.

 

TEST-NFVI(config)# networks network eth1-1-SRIOV-7 vlan 300 sriov true trunk false

TEST-NFVI(config-network-eth1-1-SRIOV-7)# commit

Commit complete.

 

TEST-NFVI# show running-config networks network eth1-1-SRIOV-7

networks network eth1-1-SRIOV-7

 vlan  [ 300 ]

 trunk false

 sriov true

!

Launch ASAv using CLI


TEST-NFVI# config

Entering configuration mode terminal

TEST-NFVI(config)# vm_lifecycle tenants tenant admin

TEST-NFVI(config-tenant-admin)#

deployments deployment FIREWALL3

  vm_group FIREWALL3

   image              asav9-14-1-10.tar.gz

   flavor             ASAv30

   vim_vm_name        FIREWALL3

   bootup_time        -1

   recovery_wait_time 0

   recovery_policy action_on_recovery REBOOT_ONLY

   interfaces interface 0

    model   virtio

    network MGMT_NET

   !

   interfaces interface 1

    model   virtio

    network eth1-1-SRIOV-5

   !

   interfaces interface 2

    model   virtio

    network eth1-1-SRIOV-6

   !

   scaling min_active 1

   scaling max_active 1

   placement zone_host

    host datastore1

   !

  !

 !

!

NTP Configuration


CLI set command

TEST-NFVI(config)# system time timezone America/Los_Angeles ntp preferred_server ntp.esl.cisco.com                   

TEST-NFVI(config)# commit

Commit complete.

 

CLI show command

 

TEST-NFVI# show running-config system time

system time timezone America/Los_Angeles

system time ntp preferred_server ntp.esl.cisco.com

Load a Package via SCP

scp <username>@<server_ip>:<file_path>/DC13-ASAv01-asav9-14-2.tar.gz intdatastore:DC13-ASAv01-asav9-14-2.tar.gz

Register Package loaded via SCP

TEST-NFVI(config)# vm_lifecycle images image DC13-ASAv01-asav9-14-2.tar.gz src file://data/intdatastore/uploads/DC13-ASAv01-asav9-14-2.tar.gz
