Showing results for 
Search instead for 
Did you mean: 
Cisco Employee
Cisco Employee

This document provides step by step instruction on getting started with CSP5000 series platform.

Following is a quick overview of hardware ports and best practice for getting started. 


These are key considerations  when transitioning from CSP-OS to NFVIS on CSP5000 platform. 
-Configuration inside the VM(on CSP-OS host) may need to be saved offline and restored on the new VM(on NFVIS host).
-In a CSP-OS system, hyperthreading is disabled by default. NFVIS allows for VMs to be deployed in CPU sharing mode, this would require Hyperthreading enabled in CIMC configuration as documented in the CIMC settings screen shots.



CIMC and Management portsCIMC and Management ports


Verify / Upgrade platform management software(CIMC, etc)


Please refer NFVIS release notes for validated CIMC, BIOS versions.


Verify CIMC BIOS versionVerify CIMC BIOS version

If the CIMC and BIOS versions in the current system do not match release notes recommendation, the following procedures can be used for updating the CIMC, BIOS versions and firmware. 

As a first step, configure the boot order. This will ensure that the Host Upgrade utility mapped in the next step will be used in the CIMC, BIOS update. 

Boot from Host Upgrade Utility isoBoot from Host Upgrade Utility iso

Upgrade CIMC and BIOS using HUU isoUpgrade CIMC and BIOS using HUU iso
Host Upgrade Utility menuHost Upgrade Utility menu

Activate CIMC upgradeActivate CIMC upgrade

Install NFVIS

NFVIS software can be downloaded from Cisco Software Downloads site.
Choose Cisco_NFVIS-4.7.1-FC4.iso
Upgrade from N->N+2 release can also be done using the same .iso using NFVIS GUI Operations->Upgrade
Install NFVIS from virtual CDROMInstall NFVIS from virtual CDROM

nfvis login: console (automatic login)

Cisco Network Function Virtualization Infrastructure Software (NFVIS)

NFVIS Version: 4.7.1-FC4

Copyright (c) 2015-2022 by Cisco Systems, Inc.
Cisco, Cisco Systems, and Cisco Systems logo are registered trademarks of Cisco
Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

The copyrights to certain works contained in this software are owned by other
third parties and used and distributed under third party license agreements.
Certain components of this software are licensed under the GNU GPL 2.0, GPL 3.0,
LGPL 2.1, LGPL 3.0 and AGPL 3.0.

login: [ 339.195378] device int-mgmt-net-br entered promiscuous mode

login: admin
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
admin@localhost's password:

Cisco Network Function Virtualization Infrastructure Software (NFVIS)

NFVIS Version: 4.7.1-FC4

Copyright (c) 2015-2022 by Cisco Systems, Inc.
Cisco, Cisco Systems, and Cisco Systems logo are registered trademarks of Cisco
Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

The copyrights to certain works contained in this software are owned by other
third parties and used and distributed under third party license agreements.
Certain components of this software are licensed under the GNU GPL 2.0, GPL 3.0,
LGPL 2.1, LGPL 3.0 and AGPL 3.0.

admin connected from ::1 using ssh on nfvis
admin logged with default credentials
Please provide a password which satisfies the following criteria:
1.At least one lowercase character
2.At least one uppercase character
3.At least one number
4.At least one special character from # _ - * ?
5.Length should be between 7 and 128 characters
Please reset the password :xxxxxxxx
Please reenter the password :xxxxxxxx

Resetting admin password

New admin password is set

System message at 2022-02-01 21:58:02...
Commit performed by system via system using system.
nfvis# config t
Entering configuration mode terminal
nfvis(config)# system settings mgmt ip address
nfvis(config)# bridges bridge wan-br
nfvis(config-bridge-wan-br)# no dhcp
nfvis(config-bridge-wan-br)# system settings default-gw
nfvis(config)# commit
Commit complete.
nfvis(config)# end

Access NFVIS GUI and Deploy VM


Login to management GUI using the MGMT ip address configured. 

Configuration->Virtual Machine->Images->Image Repository


C8000v VM package for NFVIS is published in Cisco Software Downloads site.
Cisco Catalyst 8000V IOS XE Universal - Crypto 8G Serial TAR

For other VMs, user would create VM package with the following instructions.

Upload and Register ImageUpload and Register Image


Configuration->Virtual Machine->Networking->Networks

Create networks required for vnic connections during VM deployment. Following is an example where a mgmt-net is created and same physical port used for NFVIS manage is used for VM management also. 

There are two modes on VLAN treatment supported in NFVIS.
Networking tab in the GUI can be used for setting the following.
1. OVS or SRIOV network configured in Trunk mode with allowed VLANs:
In this configuration, dot1q vlan tagged packets from/to VM are passed through the interface.
2. OVS or SRIOV network configured in Access mode with specific VLAN:
This configuration is used when the Hypervisor is expected to add/remove VLAN tag on behalf of the VM.
Note: When using non IOSXE VM on NFVIS system, particularly with SRIOV mode,
we recommend that interop testing be performed prior to NFVIS upgrade.
SRIOV nic driver interop between VM and NFVIS with newer software versions(VM and NFVIS) could be proven with the interop testing.

Add NetworkAdd Network

Verify NetworkVerify Network



VNF DeployVNF Deploy

Configuration->Virtual Machine->Manage


VNF ManageVNF Manage

Migration Steps from CSPOS to NFVIS on CSP5000 platform

1. CSPOS and VM configuration backup
2. Create VNF packages with device specific bootstrap configuration for every device
3. Provision CSP5000 NFVIS platform 1..N
    a. Install NFVIS 4.7.1FC4 (or latest) using CIMC
    b. Configure management IP, netmask, Default gateway using CIMC kvm console
    c. Upload the device specific VNF image package(s), using NFVIS local UI
    d. Provision the device with equivalent NFVIS configuration via SSH CLI. Verify deployment via local UI.

NFVIS vs CSP-OS comparison Table







Requires hyper-threading OFF

Supports hyper-threading

NFVIS - Can set dedicated cores per VNF if needed






Individual Port

Individual Port



Supports Port-channel

Supports Port-channel

LACP Active

Bond Mode Balance-slb


Supports SRIOV

Support SRIOV


Default numvfs

0 VFs, Sriov needs to enabled, numvfs and VEPA/VEB mode selected

4 VFs, SRIOV enabled on PNICs that support it. VEB is default

Is VEPA mode supported? Not in Branch software

Modify numvfs

Delete all services, disable SRIOV, change numVFs and switchmode, enable SRIOV

Delete all services, disable SRIOV, change numVFs and switchmode, enable SRIOV

Large number of unused VFs clutters GUI in NFVIS

VNIC to PNIC connection

CSP VNIC directly connects to SRIOV PNIC, VF is automatically assigned and no specific network needs to be created

NFVIS requires a network

So PNIC, to VFs, each VF is assigned to a network

Assign numvfs, create numvf number of unique networks. These networks exist even if they are unused.

VF with VLAN

CSP dynamically assigns VLAN to vf

NFVIS – Network needs to be setup with VLAN and then used for the VF


VM creation

CSP-OS creation does not require a flavor, everything a VNF needs can be specified during creation

NFVIS requires a Flavor (CPU/MEM/DISK etc). And then the individual VNICs are created and connected to networks

Needed Networks need to exist

Day0 file (Copy Paste)

Can be cut and pasted dynamically if needed

Can be cut and pasted dynamically if needed


Multiple Day0 file bootstrap as a file

Multiple Day0 file can be added as part of deployment. CSP-OS takes care of bundling and creating an ISO image

Multiple Day0 file needs to added as part of a package creation process.
Refer : Examples for VM Deployment Payload with Bootstrap Configuration Options

CSP-OS to NFVIS Migration considerations

When migrating from CSPOS to NFVIS, migration steps 3b,3c,3d above will require the following NFVIS configurations. Also Refer to the CSPOS and NFVIS comparison table above for differences in the relevant configuration sections. 


NFVIS – Day-1 setup

Create a Port-Channel (PNIC)


TEST-NFVI(config)# pnic TEST

Possible completions:

  adminstatus   Admin configured status for a physical interface

  duplex        interface duplex

  lldp          lldp is enabled or not for this interface

  member_of     pnic name this pnic is a member of

  promiscuous   promiscuous mode is enabled or not for this interface

  speed         interface configurational speed

  sriov         SR-IOV configuration

  track-state   Notify state change of PNIC to the configured VMs VNICs

  type          pnic type



TEST-NFVI(config)# pnic MGMT_PC type port_channel lacp_type active bond_mode balance-tcp trunks 9 lldp enabled adminstatus up

Add Members to Port-channel (PNIC)

In this example I am planning to add eth0-1 and eth0-2 – but they are already part of a bridge network, So they have to be removed from that relationship before being added to our Port_channel


Remove from Network

TEST-NFVI(config)# bridges bridge wan-br

TEST-NFVI(config-bridge-wan-br)# no port eth0-1


TEST-NFVI(config)# bridges bridge lan-br

TEST-NFVI(config-bridge-wan-br)# no port eth0-2


Add to PNIC (Port-Channel)

TEST-NFVI(config)# pnic eth0-1

TEST-NFVI(config-pnic-eth0-1)# member_of MGMT_PC


TEST-NFVI(config)# pnic eth0-2

TEST-NFVI(config-pnic-eth0-1)# member_of MGMT_PC



Show Commands PNIC

TEST-NFVI# show running-config pnic MGMT_PC

pnic MGMT_PC

 type      port_channel

 bond_mode balance-tcp

 trunks    9

 lacp_type active


TEST-NFVI# show running-config pnic eth0-1

pnic eth0-1

 member_of MGMT_PC

 sriov numvfs 2

 lldp      enabled


TEST-NFVI# show running-config pnic eth0-2

pnic eth0-2

 member_of MGMT_PC

 sriov numvfs 2

 lldp      enabled



Need a Network BRIDGE to be created MGMT_BR

Create a bridge, assign Port-Channel pnic MGMT_PC as a port, assign a vlan 9 (in our case) and ip address/mask


TEST-NFVI(config)# bridges bridge MGMT_BR

TEST-NFVI(config-bridge-MGMT_BR)# vlan 9

TEST-NFVI(config-bridge-MGMT_BR)# port MGMT_PC

TEST-NFVI(config-bridge-MGMT_BR)# ip address


Show commands (Bridges)

TEST-NFVI# show running-config bridges

bridges bridge wan-br


bridges bridge lan-br

 ip address


bridges bridge MGMT_BR

 ip address

 vlan 9

 port MGMT_PC



ANAMOLY – lldp with Port-channel bond-mode

TEST-NFVI(config)# pnic HA-A type port_channel lacp_type active bond_mode

Possible completions:

  active-backup  balance-slb  balance-tcp

TEST-NFVI(config)# pnic HA-A type port_channel lacp_type active bond_mode balance-slb tr

Possible completions:

  track-state   Notify state change of PNIC to the configured VMs VNICs

  trunks        define vlan trunks.

TEST-NFVI(config)# pnic HA-A type port_channel lacp_type active bond_mode balance-tcp

Possible completions:

  adminstatus   Admin configured status for a physical interface

  lldp          lldp is enabled or not for this interface

  track-state   Notify state change of PNIC to the configured VMs VNICs

  trunks        define vlan trunks.



Configure Default Gateway (System Settings)


system settings default-gw

system settings hostname TEST-NFVI


show / set system settings

TEST-NFVI(config)# system settings

Possible completions:

  cimc-access        Configure CIMC access through NFVIS on ENCS-5400 platform

  default-gw         Default gateway

  default-gw-ipv6    Default gateway for ipv6 address

  disk-space         Configurations for system disk space

  dns-server         List of DNS servers, max 3 can be configured

  domain             domain

  dpdk               enable dpdk support on service bridges

  hostname           hostname - range (1-58); must begin with letter or digit; can

                     contain alphabets, numbers and hyphen

  ip-receive-acl     ACL for managing interface group

  logging            Logging configuration

  mgmt               Management IP address configuration


  source-interface   Source IP address configuration for originating traffic

  wan                Wan NFVIS management configuration

SRIOV (set up)


Default state of SRIOV Ports


TEST-NFVI# show running-config pnic eth1-2

pnic eth1-2

 sriov numvfs 4



TEST-NFVI# show running-config networks network | include eth1-2

networks network eth1-2-SRIOV-1

networks network eth1-2-SRIOV-2

networks network eth1-2-SRIOV-3

networks network eth1-2-SRIOV-4


TEST-NFVI# show pnic eth1-2 sriov

sriov sriov-support true

sriov maxvfs    61

sriov numvfs-onsystem 4

sriov inusevfs  4

sriov status    enabled



Every port capable of supporting SRIOV is initialized with maxvfs supported by hardware, and has 4 VFs enabled by default, and 4 SRIOV networks created and associated with each VF.


How to dynamically add more VFs to a default system port


Port  like eth1-2 (which in this example is an x520)


Delete ALL <pnic-name>SRIOV-<num> networks

TEST-NFVI(config)# no networks network eth1-2-SRIOV-1

TEST-NFVI(config)# no networks network eth1-2-SRIOV-2

TEST-NFVI(config)# no networks network eth1-2-SRIOV-3

TEST-NFVI(config)# no networks network eth1-2-SRIOV-4


Disable SRIOV on the PNIC


TEST-NFVI(config)# no pnic eth1-2 sriov




TEST-NFVI(config)# end

TEST-NFVI# show running-config pnic eth1-2

pnic eth1-2

 sriov numvfs 4


TEST-NFVI# config t

Entering configuration mode terminal

TEST-NFVI(config)# no networks network eth1-2-SRIOV-1

TEST-NFVI(config)# no networks network eth1-2-SRIOV-2

TEST-NFVI(config)# no networks network eth1-2-SRIOV-3

TEST-NFVI(config)# no networks network eth1-2-SRIOV-4

TEST-NFVI(config)# no pnic eth1-2 sriov

TEST-NFVI(config)# commit

Commit complete.

TEST-NFVI(config)# do show running-config pnic eth1-2

pnic eth1-2


Enable SRIOV on PNIC


TEST-NFVI(config)# pnic eth1-2

TEST-NFVI(config-pnic-eth1-2)# sriov numvfs 10

TEST-NFVI(config-pnic-eth1-2)# commit

Commit complete.


Show commands

TEST-NFVI# show running-config pnic eth1-2

pnic eth1-2

 sriov numvfs 8



Create Networks

Steps to create SRIOV networks

  • PNIC must have SRIOV enabled and be configured with numvfs
  • SRIOV network name format: <pnic_name>-SRIOV-<num>
    • <pnic_name>: must be valid PNIC name
    • <num>: must be greater than 0 and less than numvfs


TEST-NFVI# config t

Entering configuration mode terminal

TEST-NFVI(config-network-eth1-2-SRIOV-3)# networks network eth1-2-SRIOV-1 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-4)# networks network eth1-2-SRIOV-2 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-5)# networks network eth1-2-SRIOV-3 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-3)# networks network eth1-2-SRIOV-4 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-4)# networks network eth1-2-SRIOV-5 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-5)# networks network eth1-2-SRIOV-6 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-6)# networks network eth1-2-SRIOV-7 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-7)# networks network eth1-2-SRIOV-8 sriov true

TEST-NFVI(config-network-eth1-2-SRIOV-8)# commit

Commit complete.


Show Commands (networks network)


TEST-NFVI# show running-config networks network | include eth1-2

networks network eth1-2-SRIOV-1

networks network eth1-2-SRIOV-2

networks network eth1-2-SRIOV-3

networks network eth1-2-SRIOV-4

networks network eth1-2-SRIOV-5

networks network eth1-2-SRIOV-6

networks network eth1-2-SRIOV-7

networks network eth1-2-SRIOV-8



TEST-NFVI# show running-config pnic eth1-2

pnic eth1-2

 sriov numvfs 10


TEST-NFVI# show pnic eth1-2 sriov

sriov sriov-support true

sriov maxvfs    61

sriov numvfs-onsystem 10

sriov inusevfs  8

sriov status    enabled




Additional show commands


System Networks

TEST-NFVI# show system networks

                                                                            RX       TX       RX         RX         TX                             RX

                                                  RX     TX     RX    TX    UNICAST  UNICAST  MULTICAST  BROADCAST  BROADCAST  RX        TX        UNKNOWN   TX



wan-net         wan-br  N/A    openvswitch  N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

lan-net         lan-br  N/A    openvswitch  N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth0-1-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth0-1-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth0-2-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth0-2-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth2-1-SRIOV-1  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-1-SRIOV-2  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-1-SRIOV-3  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-1-SRIOV-4  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-2-SRIOV-1  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-2-SRIOV-2  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-2-SRIOV-3  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-2-SRIOV-4  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-3-SRIOV-1  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-3-SRIOV-2  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-3-SRIOV-3  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-3-SRIOV-4  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-4-SRIOV-1  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-4-SRIOV-2  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-4-SRIOV-3  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth2-4-SRIOV-4  N/A     N/A    SRIOV        N/A   N/A    N/A    N/A   N/A   N/A      N/A      N/A        N/A        N/A        N/A       N/A       N/A       N/A

eth3-1-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth3-1-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth3-2-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth3-2-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth3-3-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth3-3-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-3  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-4  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-5  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-6  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-7  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-1-SRIOV-8  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-1  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-2  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-3  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-4  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-5  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-6  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-7  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

eth1-2-SRIOV-8  N/A     N/A    SRIOV        N/A   0      0      0     0     N/A      N/A      0          N/A        N/A        N/A       N/A       N/A       N/A

Platform detail


TEST-NFVI# show platform-detail

platform-detail hardware_info Manufacturer "Cisco Systems Inc"

platform-detail hardware_info PID CSP-2100-X1

platform-detail hardware_info SN FCH2223V1WB

platform-detail hardware_info hardware-version 74-12419-02

platform-detail hardware_info UUID 3c415cca-35cd-0a40-b32a-1730d6170519

platform-detail hardware_info Version 4.7.1-FC4

platform-detail hardware_info Compile_Time "Tuesday, December 07, 2021 [19:50:13 PST]"

platform-detail hardware_info CPU_Information "Intel(R) Xeon(R) CPU E5-2698 v4 @ 2.20GHz 40 cores"

platform-detail hardware_info Memory_Information "263915752 kB"

platform-detail hardware_info Disk_Size "4796 GB"

platform-detail hardware_info CIMC_IP NA

platform-detail hardware_info Entity-Name ""

platform-detail hardware_info Entity-Desc ""

platform-detail hardware_info BIOS-Version C220M4.4.1.1c.0.1113190848

platform-detail hardware_info CIMC-Version 4.1(1f)

platform-detail software_packages Kernel_Version 3.10.0-1062.4.1.4.el7.x86_64

platform-detail software_packages QEMU_Version 2.12.0

platform-detail software_packages LibVirt_Version 4.5.0

platform-detail software_packages OVS_Version 2.11.4

platform-detail switch_detail UUID NA

platform-detail switch_detail Type NA

platform-detail switch_detail Name NA

platform-detail switch_detail Ports 0


NAME    TYPE      MEDIA         LINK  SPEED  MTU   MAC                DETAIL


eth0-1  physical  Twisted Pair  up    1000   9216  a0:93:51:f4:b6:40  01:00.0

eth0-2  physical  Twisted Pair  up    1000   9216  a0:93:51:f4:b6:41  01:00.1

eth1-1  physical  Fibre         up    10000  9216  90:e2:ba:fb:93:e4  07:00.0

eth1-2  physical  Fibre         down  0      9216  90:e2:ba:fb:93:e5  07:00.1

eth2-1  physical  Fibre         up    10000  9216  3c:fd:fe:bd:99:28  81:00.0

eth2-2  physical  Other         down  0      9216  3c:fd:fe:bd:99:29  81:00.1

eth2-3  physical  Fibre         up    10000  9216  3c:fd:fe:bd:99:2a  81:00.2

eth2-4  physical  Other         down  0      9216  3c:fd:fe:bd:99:2b  81:00.3

eth3-1  physical  Twisted Pair  down  0      9216  a0:93:51:fe:e8:50  04:00.0

eth3-2  physical  Twisted Pair  down  0      9216  a0:93:51:fe:e8:51  04:00.1

eth3-3  physical  Twisted Pair  down  0      9216  a0:93:51:fe:e8:52  04:00.2

eth3-4  physical  Twisted Pair  down  0      9216  a0:93:51:fe:e8:53  04:00.3



TEST-NFVI# support show ethtool driver eth1-2

Driver information for device: eth1-2

driver: ixgbe

version: 5.3.7-4 CISCO-UCS

firmware-version: 0x800008a4, 0.385.33


bus-info: 0000:07:00.1

supports-statistics: yes

supports-test: yes

supports-eeprom-access: yes

supports-register-dump: yes

supports-priv-flags: yes

OVS commands


TEST-NFVI# support ovs vsctl show


    Bridge wan-br

        Port wan-br

            Interface wan-br

                type: internal

    Bridge int-mgmt-net-br

        Port int-mgmt-net-br

            Interface int-mgmt-net-br

                type: internal

    Bridge MGMT_BR

        Port bond-MGMT_PC

            Interface "eth0-2"

            Interface "eth0-1"

        Port "eth0-2_ll1"

            Interface "eth0-2_ll1"

        Port "eth0-1_ll1"

            Interface "eth0-1_ll1"

        Port MGMT_BR

            tag: 9

            Interface MGMT_BR

                type: internal

    Bridge lan-br

        Port lan-br

            Interface lan-br

                type: internal

    ovs_version: "2.11.4"

REST API Examples:


Launch a VNF C800v with pre-created Flavor and day0-config

curl -k -v -u "admin:Cisco123#" -H "Accept:application/" -H "Content-Type:application/" -X POST --data \



  "deployment": [

        "name": "TEST_C8000",

        "vm_group": [


            "name": "TEST_C8000",

            "image": "c8000v-universalk9_16G_vga.17.05.01a.qcow2",

            "flavor": "C8000v-TEST",

            "vim_vm_name": "TEST_C8000",

            "bootup_time": -1,

            "recovery_wait_time": 0,

            "interfaces": {

              "interface": [


                  "nicid": 0,

                  "model": "virtio",

                  "network": "wan-net"



                  "nicid": 1,

                  "model": "virtio",

                  "network": "eth3-4-SRIOV-1"



                  "nicid": 2,

                  "model": "virtio",

                  "network": "eth3-4-SRIOV-2"




            "config_data": {

              "configuration": [


                  "dst": "iosxe_config.txt",

                  "data": "hostname TEST-\nlicense smart enable\nusername admin privilege 15 password admin\n!\nenable secret admin\**bleep** vrf mgmt\n  description management\nexit\**bleep** domain name\ncrypto key generate rsa modulus 1024\**bleep** name-server vrf mgmt\n!\ninterface GigabitEthernet1\n  description VR_MANAGEMENT_INTERFACE\n  ip vrf forwarding mgmt\n  ip address\n  negotiation auto\n  no shut\nexit\nline pro 0\n  exec-timeout 30 0\nexit\nline con 0\n  stopbits 1\nline vty 0 4\n  privilege level 15\n  password 7 01100F175804575D72\n  login local\n  transport input all\nexit\nline vty 5 15\n  privilege level 15\n  login local\n  transport input ssh\nexit\**bleep** tftp source-interface GigabitEthernet1\**bleep** ssh source-interface GigabitEthernet1\**bleep** ssh version 2\**bleep** ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr\**bleep** ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr\**bleep** route vrf mgmt\nno ip ssh stricthostkeycheck\n!\n\n\**bleep** http client source-interface GigabitEthernet1\n\n\n!\n"




            "scaling": {

              "min_active": 1,

              "max_active": 1


            "placement": [


                "type": "zone_host",

                "host": "datastore1"



            "recovery_policy": {

              "action_on_recovery": "REBOOT_ONLY"






Enable SRIOV on a PNIC


curl -s -k  -u admin:Cisco123# -H Accept:application/ -H Content-Type:application/ -X POST --data \



 "numvfs": 10



Create 8 networks on PNIC eth1-1

curl -s -k  -u admin:Cisco123# -H Accept:application/ -H Content-Type:application/ -X POST --data \



    "network": [


        "name": "eth1-1-SRIOV-1",

        "sriov": "true"



        "name": "eth1-1-SRIOV-2",

        "sriov": "true"



        "name": "eth1-1-SRIOV-3",

        "sriov": "true"



        "name": "eth1-1-SRIOV-4",

        "sriov": "true"



        "name": "eth1-1-SRIOV-5",

        "sriov": "true"



        "name": "eth1-1-SRIOV-6",

        "sriov": "true"



        "name": "eth1-1-SRIOV-7",

        "sriov": "true"



        "name": "eth1-1-SRIOV-8",

        "sriov": "true"





Create SRIOV network with access VLAN

Find an unused NETWORK (unused VF in an SRIOV Pnic)

Delete the unused Network

curl -s -k  -u admin:Cisco123# -H Accept:application/ -H Content-Type:application/ -X DELETE


Create a Network with the required parameters

curl -s -k  -u admin:Cisco123# -H Accept:application/ -H Content-Type:application/ -X POST  --data \



  "network": [{

    "name": "eth1-1-SRIOV-6",

    "vlan": [200],

    "trunk": false,

    "sriov": true





Show the newly created network


curl -s -k  -u admin:Cisco123# -H Accept:application/ -H Content-Type:application/ -X GET


  "network:network": {

    "name": "eth1-1-SRIOV-6",

    "vlan": [200],

    "trunk": false,

    "sriov": true



Create a Package for ASAv

Sample ASAv config file


ASA Version 9.9(2)


hostname ASA_NFVIS


interface management0/0


 description int-mgmt-net

 nameif management

 security-level 100

 ip address

 no shutdown


interface GigabitEthernet0/0

  description failover

  no shutdown


interface TenGigabitEthernet0/0

  nameif INSIDE

  security-level 100

  no shutdown


interface TenGigabitEthernet0/1

  nameif OUTSIDE

  security-level 0

  no shutdown


crypto key generate rsa modulus 2048

 terminal width 511


username admin password admin privilege 15

ssh management


aaa authentication ssh console LOCAL

aaa authorization exec LOCAL



route management 1


ssh version 2

ssh key-exchange group dh-group14-sha1



enable password admin


debug menu license 25 development


dns domain-lookup management

dns name-server


timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

timeout conn-holddown 0:00:15

timeout igp stale-route 0:01:10

user-identity default-domain LOCAL

aaa authentication ssh console LOCAL

aaa authorization exec LOCAL

aaa authorization http console LOCAL

aaa authentication login-history


policy-map type inspect dns preset_dns_map


  message-length maximum client auto

  message-length maximum 512

  no tcp-inspection

policy-map global_policy

 class inspection_default

  inspect ip-options

  inspect netbios

  inspect rtsp

  inspect sunrpc

  inspect tftp

  inspect xdmcp

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect esmtp

  inspect sqlnet

  inspect sip

  inspect skinny

policy-map type inspect dns migrated_dns_map_2


  message-length maximum client auto

  message-length maximum 512

  no tcp-inspection

policy-map type inspect dns migrated_dns_map_1


  message-length maximum client auto

  message-length maximum 512

  no tcp-inspection


license smart

feature tier standard

throughput level 10G



source-interface management

profile CiscoTAC-1


  destination transport-method http

  no destination address http

  destination address http

profile License


  destination transport-method http

  no destination address http

  destination address http


clock timezone PST -8



ip http client source-interface GigabitEthernet1

service internal

service call-home

license smart enable

ip domain lookup

debug menu license 25 development

crypto ca trustpool import url

NFVIS – packaging tool


NFVIS – package creation using


– day0 config file

  • Qcow2 file


CLI command

python -o asav9-14-1-10 \

-i asav9-14-1-10.qcow2 \

-n ASAv -t FIREWALL -r 9-14-1-10 \

--monitored false --bootstrap  --sriov=true \

day0-config:ASA_MGMT_HARD_CODE.txt \

--min_vcpu 1 --max_vcpu 4 --min_mem 1024 --max_mem 8192 \

--min_disk 8 --max_disk 16 --vnic_max 8 \

--optimize true \

--profile ASAv5,"ASAv5  profile",1,1024,8192 --profile ASAv10,"ASAv10 profile",1,4096,8192 --profile ASAv30,"ASAv30 profile",4,8192,16384 --default_profile ASAv30


Cisco NFVIS Packaging Tool


['tar', '-czf', '/home/admin/NFVIS/NFV_SCRIPTS/asav9-14-1-10.tar.gz', '-C', '/home/admin/NFVIS/NFV_SCRIPTS', 'asav9-14-1-10.qcow2', '-C', '/home/admin/NFVIS/NFV_SCRIPTS', 'ASA_MGMT_HARD_CODE.txt', '-C', '/home/admin/NFVIS/NFV_SCRIPTS', 'image_properties.xml', '-C', '/home/admin/NFVIS/NFV_SCRIPTS', '']



total 410996

-rw-r--r-- 1 admin admin      3141 Feb 21 10:51 ASA_MGMT_HARD_CODE.txt

-rw-r--r-- 1 admin admin 211943424 Feb 21 10:51 asav9-14-1-10.qcow2

-rw-rw-r-- 1 admin admin 208892550 Feb 21 10:59 asav9-14-1-10.tar.gz

-rw-rw-r-- 1 admin admin      1580 Feb 21 10:57 image_properties.xml

-rw-rw-r-- 1 admin admin       697 Feb 21 10:57



Load this package file onto NFVIS - asav9-14-1-10.tar.gz


Ensure The required Networks are available –

In this example eth1-1-SRIOV-5, eth1-1-SRIOV-6


Check Network Availability

TEST-NFVI# show running-config networks network eth1-1-SRIOV-5

networks network eth1-1-SRIOV-5

 vlan  [ 101 ]

 trunk false

 sriov true


TEST-NFVI# show running-config networks network eth1-1-SRIOV-6

networks network eth1-1-SRIOV-6

 vlan  [ 200 ]

 trunk false

 sriov true


Create Network


If networks are not available with the correct VLAns then create them


TEST-NFVI(config)# networks network eth1-1-SRIOV-7 vlan 300 sriov true trunk false

TEST-NFVI(config-network-eth1-1-SRIOV-7)# commit

Commit complete.


TEST-NFVI# show running-config networks network eth1-1-SRIOV-7

networks network eth1-1-SRIOV-7

 vlan  [ 300 ]

 trunk false

 sriov true


Launch ASAv using CLI


TEST-NFVI# config

Entering configuration mode terminal

TEST-NFVI(config)# vm_lifecycle tenants tenant admin


deployments deployment FIREWALL3

  vm_group FIREWALL3

   image              asav9-14-1-10.tar.gz

   flavor             ASAv30

   vim_vm_name        FIREWALL3

   bootup_time        -1

   recovery_wait_time 0

   recovery_policy action_on_recovery REBOOT_ONLY

   interfaces interface 0

    model   virtio

    network MGMT_NET


   interfaces interface 1

    model   virtio

    network eth1-1-SRIOV-5


   interfaces interface 2

    model   virtio

    network eth1-1-SRIOV-6


   scaling min_active 1

   scaling max_active 1

   placement zone_host

    host datastore1





NTP Configuration


CLI set command

TEST-NFVI(config)# system time timezone America/Los_Angeles ntp preferred_server                   

TEST-NFVI(config)# commit

Commit complete.


CLI show command


TEST-NFVI# show running-config system time

system time timezone America/Los_Angeles

system time ntp preferred_server

Load a Package via SCP

scp <username>@<server_ip>:<file_path>/DC13-ASAv01-asav9-14-2.tar.gz intdatastore:DC13-ASAv01-asav9-14-2.tar.gz

Register Package loaded via SCP

TEST-NFVI(config)# vm_lifecycle images image DC13-ASAv01-asav9-14-2.tar.gz src file://data/intdatastore/uploads/DC13-ASAv01-asav9-14-2.tar.gz

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking for a $25 gift card