Brkarc 2012 PDF

Enterprise Network
Functions Virtualization
(ENFV) Architecture,
Configuration and
Troubleshooting
Muhilan Natarajan, Technical Leader
BRKARC-2012
#CLUS
Agenda
• Enterprise NFV
• NFVIS Architecture
• VM Life Cycle
• Designing and Provisioning
using DNA Center
• Troubleshooting
#CLUS BRKARC-2012 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Cisco Webex Teams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session
How
1 Find this session in the Cisco Event App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
Webex Teams will be moderated cs.co/ciscolivebot#BRKARC-2012

by the speaker until June 18, 2018.
#CLUS © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Enterprise NFV
BRKARC-2012 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
The Current Enterprise Branch Landscape
Multiple Devices Difficult to Manage Costly to Operate

Routers, Appliances, Servers Device integration and operation Upgrades, refresh cycles,
site visits
What is Enterprise NFV?
Centralized orchestration and management

SDN Applications
Consistent, trusted network services across all the platforms

Virtual Network Functions (VNFs)
Hardware and software independence

Virtualization Layer
Freedom of choice
Hardware Platform
Cisco Enterprise NFV for Branch
Centralized Orchestration and Management
Virtual WAN
Virtual Router Virtual Firewall Optimization
3 rd Party VNFs
(ISRv, vEdge) (ASAv, NGFWv) (vWAAS)
Network Functions Virtualization Infrastructure Software (NFVIS)
ISR 4000 + Enterprise Network UCS C-Series or

UCS E-Series Compute System (ENCS) CSP 2100
In Other words
Traditional Branch Virtualized Branch
ASAv
ISRv
vWAAS
Router Service
Service Provider Switch
Switch vSwitch
Provider Firewall
NFVIS
WAN Opt
Hardware Options
Enterprise NFV
Physical Router Virtual Router Virtual Router
Virtual Services Virtual Services Virtual Services
4000 Series ISR + Enterprise Network

UCS® E-Series Compute System (ENCS) UCS C-Series
Upgradable hardware Elastic routing and services

Elastic routing and services
Deterministic routing Performance
Router / Server Hybrid
performance Early adopter
Platform Built for Enterprise NFV
ENCS 5000 Series for the Branch
Best of Routing Complete Open for Third Party
& Compute Virtualized Services Services and Apps
Enterprise Network Compute System
ENCS 5100 Series
ENCS 5400 Series
ENCS 5000 Series - Chassis Options
ENCS5412
ENCS5408 12-Core
ENCS5406 8-Core
ENCS5104 6-Core
4-Core
ENCS 5104 ENCS 5406 ENCS 5408 ENCS 5412

CPU 4-core 6-core 8-core 12-core
PoE No No 200W 200W
Capacity Guidance ISRv + 1 VNF ISRv + 2 VNFs ISRv + 3 VNFs ISRv + 5 VNFs
ENCS 5400 Series
Integrated 16 - 64 GB 6, 8, or 12-Core Dedicated Board Optional Hardware Internal
Power Supply DRAM Intel Xeon-D Management Controller RAID Controller M.2 Storage
8 Integrated LAN Ports USB 3.0 Network Interface Module 2 HDD or SSD
with Optional POE Storage for LTE & legacy WAN RAID 1
Hardware Acceleration for

VM Traffic 2 Onboard Gigabit
Ethernet ports
with SFP
5400 ENCS Internal Networking
5400 ENCS Platform Data Path
Control Path
VNF 1 ISRv VNF 2
(NIC aware) (NIC aware)
HW offload for Software

VM-VM traffic switched path
NFVIS
6 SR-IOV LAN
Networks
Internal NIC Cisco® Lights-out
IMC management
High-speed
(10G)
backplane
Switch
Cisco
VLAN-aware X86
NIM IMC
HW switch mgmt
mgmt
PoE
Cellular, T1, Dual-PHY

Dedicated management ports
DSL, LAN, GE WAN GE or LAN uplink
ENCS 5100 Series - I/O Side
Size: 1 RU 16 & 32 GB 4-Core AMD M.2 Storage

13” x 10” DRAM CPU 64 – 400 GB
Integrated Console 4 GE ports 2 x USB 3.0

Power Supply & MGMT with 2 SFPs Storage
NFVIS Architecture
Enterprise NFV Solution Architecture
Common
Orchestration and
Management across
DNA Center / Network Service Orchestrator virtual & physical

network
VNF and Application

3rd hosting with 3 rd party
ISRv ASAv WAAS vWLC
… VNFn
App1 App2
… Appn support
Software host
API
Interface
Platform
Management NFVIS Hypervisor
Virtual
Switching
managing
virtualization and
hardware
ISR-4K + UCS-E ENCS UCS x86 Server Various Host options

for different Branch
Sizes
NFVIS = Network Function Virtualization Infrastructure Software
NFVIS Architecture
PnP Console/ NSO DNA Center Portal
Server SSH
CLI NETCONF REST
Image Web VM Life Cycle Cluster

Plug-n-Play Confd Server/Portal
Management Manager Management
Storage Resource Service Host Statistics

Health Monitor AAA
Management Manager Chaining Management Collector
Hardware
libvirt Open vSwitch Qemu Collectd Syslogd Snmpd
Management
CentOS Linux 7.3 + KVM + Kernel Drivers
System Software Overview
o CentOS 7.3 based system
o Manage via GUI, CLI (IOX XR synax), REST API, Netconf/Yang
• GUI & REST connections are over HTTPS – used by ESA, DNA Center
• YANG models – used by NSO or other MANO
o Service Image Types: ISO, OVA, QCOW/QCOW2, VMDK, RAW
o Day0 config file support for services like ISRv, ASAv
Default System Settings
NFVIS has following default settings when it is installed
• DHCP is enabled on WAN facing network / port
• DHCP can only be enabled on one network / port
• Static IP (192.168.1.1) assigned on LAN facing network / port
• PnP for near zero-touch deployment enabled
• Following networks /bridges created by default:
• wan-net / wan-br
• lan-net / lan-br
Change Initial System Settings
This is required after initial system installation if not using DHCP and zero-
touch deployment (PnP)
• Login to KVM console
• Configure WAN IP address and default gateway
• You can access device using this IP address
CLI Access
GUI Access
https://<IP_Address>
Plug-n-Play (PnP)
Cisco PnP Overview
Cisco Network Plug-and-Play solution provides:
 Near zero touch deployment for Routers, Switches, Access Points & NFVIS
 Automated and centrally managed remote device deployment
 Simplified and consistent deployment of Network devices
PnP Agent in NFVIS

 Running as a service
 Auto-discover PnP server
 Provide device UDI (Serial Number, PID) to server
Zero-touch deployment using PnP
DNA Center*
PnP PnP Registration
PnP
Agent Server
VNF NFV
NFVIS VNF Provisioning using REST Provisioning
Engine
ENCS
Branch Data Center
* - Network Services Orchestrator (NSO) can also be used

PnP Options on NFVIS
• Manual Configuration
• PnP Server IP is configured in NFVIS using CLI or GUI or API
• Automatic Discovery with DHCP option 43
• DNS Lookup
• Cisco Cloud Redirection
PnP Automatic Discovery
• PnP Discovery Priority

• PnP will first look for DHCP with option 43.
• If DHCP with options 43 fails, DNS lookup will be done.
• If DNS lookup fails, then falls back to Cloud-redirect
PnP DHCP options 43
5A = PnP DHCP ID
1D = PnP DHCP debug on
ip dhcp pool pnp
1N = PnP DHCP debug off
network 10.89.23.0 255.255.255.0
Token K = <protocol>
default-router 10.89.23.1
1: XMPP-starttls
option 43 ascii “5A1D;B2;K4;I10.27.87.146;J80”
2: XMPP-socket
3: XMPP-tls
4: HTTP
5: HTTPS
option 43 ascii “5A1D;B2;K4;I10.27.87.146;J80” Token B = <address type> 1:host; 2:ipv4; 3:ipv6
Token I = <remote server IP / hostname>
Token J = <remote server port>
5A1D: PnP DHCP ID and debug on
B2: Address type IPv4
K4: Protocol HTTP
I: Remote Server IP 10.27.87.146 (PnP server IP)
J80: Remote Server Port 80
PnP DNS Lookup
Construct a fully qualified domain name (FQDN), using the preset hostname "pnpserver”,
based on the network domain name configured on the DHCP server.
Example of DNS lookup configurations on DHCP server:
ip dhcp pool P_ENCS_18375

host 172.19.183.75 255.255.255.0
hardware-address 00f2.8bc3.4a54
domain-name cisco.com
dns-server 172.19.183.147
ip host pnpserver.cisco.com 172.19.152.41
ip dns server
PnP Cloud Redirect
• This method uses the Cisco Cloud Device Redirect
tool available in the Cisco Software Central.
• User needs to have a Cisco CCO account in advance.
Example of Cloud Redirect configurations on DHCP server:
ip dhcp pool P_ENCS_18375

host 172.19.183.75 255.255.255.0
hardware-address 00f2.8bc3.4a54
domain-name cisco.com
dns-server 172.19.183.147
ip host devicehelper.cisco.com 64.101.32.10
ip dns server
PnP Cloud Redirect – Cisco Account
In order to use Cisco Cloud Device Redirect tool, user needs to have a
Cisco Account in advance.
• Launch Cisco Software Central at https://software.cisco.com in
browser
• Click “Login In”
PnP Cloud Redirect (cont’d)
• When Successful, pull down Provisioning Tab and Click
“Plug and Play Connect”
PnP Configuration
NFVIS Networking
Networking
• Flexible network virtualization model
• OVS bridges and virtual networks for service chaining between
VNFs
• VLAN on virtual networks
• High performance SR-IOV networks on ENCS platform (bypasses
vswitch)
• Port forwarding to manage multiple VNFs through single IP
Simplified Networking within NFVIS
ISRv
wan-net lan-net
br-wan br-lan
NFVIS
eth0 eth1 eth2 eth3
WAN LAN
Default System Configuration on ENCS
ENCS5400
wan-net lan-net mgmt-net
NFVIS
vSwitch
wan-br lan-br mgmt-br
VF VF VF VF VF VF VF VF VF VF
WAN WAN
Mgmt LAN Backplane NIM
NIC NIC
GE0/0 GE0/1 MGMT
Default - DHCP CPU
for NFVIS and Default - Integrated Switch
VNFs 192.168.1.1/24
connected to GE1/0 GE1/1 GE1/2 GE1/3 GE1/4 GE1/5 GE1/6 GE1/7
WAN-NET
Default System Configuration on ENCS (Contd.)
• NFVIS can be accessed by default via the FPGE WAN ports or via the
dedicated Management port
• WAN network (wan-net) and a WAN bridge (wan-br) is set by default to
enable DHCP. GE0-0 is by default associated to WAN bridge
• The Management port on ENCS is set to to 192.168.1.1 to access NFVIS
• All Switch ports – GE 1/0 to GE1/7 is associated to LAN bridge
• An internal management network (int-mgmt-net) and a bridge (int-
mgmt-br) is created and is internally used for system monitoring.
Default System Settings on UCS E-Series
UCS E-Series
Hypervisor (KVM)
lan-net wan-net
NFVIS
LAN NIC
GE2
lan-br wan-br vSwitch
GE1 GE0
Internal NIC
ucse x/0/1 ucse x/0/0
• NFVIS can be accessed by default by either WAN or LAN networks

• WAN network (wan-net) and a WAN bridge (wan-br) is set by default to enable DHCP.
• GE 0 (Internal Gigi port to ISR4K) is by default associated to WAN bridge
• LAN network (lan-net) and a LAN bridge (lan-br) set by default to 192.168.1.1 to access NFVIS
• All remaining ports – GE1 (internal interface to ISR4K) and external Gigi ports on UCS-E – GE2 and/or GE3 is
associated to LAN bridge
• An internal management network (int-mgmt-net) and a bridge (int-mgmt-br) is created and is internally
used for system monitoring.
Default System Configuration on UCS-C220
UCS-C220
Hypervisor (KVM)
Wan-net Lan-net mgmt-net
vSwitch
NFVIS
wan-br lan-br mgmt-br
GE0 GE2 GE3 GE4 GE5 GE1

WAN NIC Quad GE NIC LAN NIC
• NFVIS can be accessed by default by either WAN or LAN networks

• WAN network (wan-net) and a WAN bridge (wan-br) is set by default to enable DHCP.
• Ethernet port 0 is by default associated to WAN bridge
• LAN network (lan-net) and a LAN bridge (lan-br) set by default to 192.168.1.1 to access
NFVIS
• All remaining ports – Ethernet 1 through N is associated to LAN bridge
• An internal management network (int-mgmt-net) and a bridge (int-mgmt-br) is created and
is internally used for system monitoring.
Network Administration
Add New Network
Edit a Network
ENFV – Potential Failure Points
1. Entire x86 Host

1 5a 5b 5c 5d
• Or any of its hardware components
ISRv WAAS ASAv Win WLC
2. Physical LAN Interface
Hypervisor
3. Physical WAN Interface
NFVIS
Tap7 Tap6 Tap5 Tap4 Tap1 Tap0
vSwitch
4. Hypervisor or one of its 4 BR1 BR0
components
• E.g. vSwitch
5. VNFs or any of their software VF

WAN
PF PF
LAN
PF PF
components NIC 3 2
NIC
GE4 GE0 GE1 GE2 GE3
a. ISRv
b. vWaas
c. ASAv
d. Application (Windows)
NFVIS Built-in Recovery
• NFVIS can monitor deployed VNF for failure
• On VNF failure detection, NFVIS can auto-restart the VNF
• Downtime experienced will depend on the VNF boot up time
• Can still run the branch off one hardware
VNF Failure Protection
ISRv WAAS ASAv Windows Linux
Hypervisor (KVM)
wan-net inet-net service-net lan-net mgmt-net

NFVIS
vSwitch
wan-br inet-br service-br lan-br mgmt-br
VF 8-Port GE Switch
WAN PF WAN
NIC NIM
NIC
GE0 GE1 GE2 GE3 GE4 GE5 GE6 GE7 GE8 GE9
High Availability
ISRv WAAS Windows Linux ISRv WAAS ASAv Windows Linux
ASAv
Hypervisor (KVM) Hypervisor (KVM)
wan-net inet-net service-net lan-net mgmt-net wan-net inet-net service-net lan-net mgmt-net
NFVIS
NFVIS
vSwitch
vSwitch
wan-br inet-br service-br mgmt-br wan-br inet-br service-br lan-br mgmt-br

lan-br
VF VF 8-Port GE Switch
WAN PF WAN 8-Port GE Switch WAN PF WAN
NIM NIC NIM
NIC NIC NIC
GE2 GE3 GE4 GE5 GE6 GE7 GE8 GE9 GE0 GE1 GE2 GE3 GE4 GE5 GE6 GE7 GE8 GE9
GE0 GE1
IoT WLC Windows 3rd Party vFP(t)

WAN1
Hypervisor (KVM)
WAN2
NFV-OS
vnet Hypervisor
vnet (KVM)
NFV-OS NFV-OS
GE1 GE2
UCS-E GE
vnet vnet
GE1 GE2 GE1 GE2
UCS-E GE UCS-E GE
BR0 BR1
OVS
BR0 BR1 Hypervisor (KVM)
OVS
IoTvnet
WLC Windows 3rd Party vnet
vFP(t)
Internal NIC
BR0 BR1 Hypervisor UCS-E
(KVM)
NFV-OS
GE0 GE1
Internal NIC
OVS vnet vnet UCS-E
GE1 GE2
GE0 GE1
UCS-E GE
GE (PoE)
NIM
BR0 BR1
GE (PoE) OVS
GE NIC
Internal (MGF) IOSd
NIM
UCS-E
GE0 GE1
GE (MGF) IOSd WAAS Snort
cisco
FPGAInternal NIC
#CLUS WAAS Snort 44
NIM
cisco
GE (PoE) BRKARC-2012 © 2018 Cisco and/or its affiliates. All rights
Hypervisor (KVM) reserved.
UCS-E Cisco Public
XE
NIM
GE0 GE1
FPGA
N
High Availability
• WAN connections for each ENCS
• HA solution based on ISRv failure detection
• Only ISRv is in HA mode using HSRP
• vNIC failure detection using Track Feature in ISRv & EEM Scripts
• Based on ISRv failure detection WAN traffic will be switched to the
new Active System
• No HA support on NFVIS itself. No master/slave mode on NFVIS
Upgrading NFVIS - GUI
Upgrading NFVIS - CLI
• Upload upgrade file
• scp root@<Server_IP>/Cisco_NFVIS_Upgrade-3.8.1-FC3.nfvispkg
intdatastore:Cisco_NFVIS_Upgrade-3.8.1-FC3.nfvispkg
• Register the upgrade image

• system upgrade image_name Cisco_NFVIS_Upgrade-3.8.1-FC3.nfvispkg location
/data/intdatastore/uploads
• Verify registered image

• show system upgrde reg-info
• Upgrade registered image

• system upgrade apply-image Cisco_NFVIS_Upgrade-3.8.1-FC3.nfvispkg scheduled-time
<hours>
VM Life Cycle
Management
Common
Orchestration and
Management across

network
VNF and Application

ISRv ASAv WAAS vWLC
… VNFn
App1 App2
… Appn support
Software host
API
Interface
Platform
Virtual
Switching
managing
virtualization and
hardware

Sizes
NFVIS VM/VNFs
• Supported VMs in NFVIS 3.8.1
• ISRv
• ASAv
• vWAAS
• vEdge
• Windows/Linux
• 3rd Party VMs (PaloAlto, Fortinet etc.,)
VNF Image Packaging
VNF Image Packaging
• Converting qcow2 and img images into tar.gz
• Not Mandatory
• Simplify deployment for complex VNF
• Support for Day 0 configuration for 3rd Part VNF
• Easy to scale out deployments
• A tar.gz file containing
• qcow2 disk image (*.qcow)
• Image properties file (Image_properties.xml)
• Package Manifest (package.mf)
• Optional Bootstrap configuration file (ovf-env.xml)
• Other files (Ex: license)
VNF Image Package Files
• Package Manifest (package.mf)
• Checksum
• File type, name
• Image properties file (Image_properties.xml)
• VNF Type
• Resource requirement (vCPU, Memory etc.,)
• Profile
• Bootstrap Configuration file (ovf-conf.xml)

• Login username and password
• Mgmt interface
VNF Image Packaging Utility
• This is an enhanced packaging process that allows the VM owner to run the nfvpt.py utility as a
command with a combination of parameters to package the VM.
• The VM packaging utility contains the following
• nfvpt.py—It is a python based packaging tool that bundles the VM raw disk image/s along with VM specific
properties.
• image_properties_template.xml—This is the template file for the VM image properties file, and has the
parameters with default values. If the user provides new values to these parameters while creating the VM
package, the default values get replaced with the user-defined values.
• nfvis_vm_packaging_utility_examples.txt—This file contains examples on how to use the image packaging
utility to package a VM image.
• nfvpt.py -o asav961-201 -i asav961-201.qcow2 -n ASAv -t firewall -r 961-201 --monitored

true --bootstrap day0-config:filename1 --min_vcpu 1 --max_vcpu 4 --min_mem 1024 --
max_mem 8192 --min_disk 8 --max_disk 16 --vnic_max 8 --optimize true --profile
ASAv5,"ASAv5 profile",1,1024,8192 --profile ASAv10,"ASAv10 profile",1,4096,8192 --profile
ASAv30,"ASAv30 profile",4,8192,16384 --default_profile ASAv5
View of a registered Package
Managing a deployed VM
Console Access to VNFs
Console Access
Port Forwarding for access
Console Access to ISRv - CLI
• Provision with serial port (image_properties.xml)
• <console_type_serial>true</console_type_serial>
• Enable serial port for console – accessing from UI console
• platform console serial
• Save and reload ISRv
Console Access to ISRv – CLI (Contd.)
• Logon to NFVIS
rcdn5408B#
rcdn5408B# show system deployments
NAME ID STATE
----------------------------------------------------------
rcdn5-4-rcdn5408-isrv.rcdn5-4-rcdn5408-isrv 3 running
rcdn5408B#
rcdn5408B# vmConsole rcdn5-4-rcdn5408-isrv.rcdn5-4-rcdn5408-isrv
Connected to domain rcdn5-4-rcdn5408-isrv.rcdn5-4-rcdn5408-isrv
Escape character is ^]
rcdn5-4-rcdn5408-isrv#
Deploying VM using ISO - Upload
Deploying VM using ISO - Profile
Deploying VM using ISO - Deployment
Deploying VM using ISO – ISO Booting
Console
VM Service Chaining - Overview
service-net
wan-net lan-net
wan-
lan-bridge
bridge
port port port port
Example Packet Flows
LAN -> WAN
1. Frame arrives LAN GEx with ISRv
MAC Address
2. GE bridged to NFVIS-vSwitch
ISRv
WAAS ASAv Win WLC Linux
IWAN
3. Lan-net of vSwitch connects to
Hypervisor (KVM)
ASAv
Tap7 Tap6 Tap5 Tap3 Tap2
NFVIS
Tap7 Tap4 Tap1

4. ASAv processes frame and Sends
vSwitch
Wan-
net
Lan-Net to vSwitch Ser-net
Ser-net
5. vSwitch Ser-net connects to ISRv
6. ISRv sends back to Ser-net with
WAN WAN LAN
NIC NIC NIC destination vWAAS
GE5 GE4 GE0 GE1 GE2 GE3
7. vWAAS processes (compresses)
Packet and sends back to ISRv via
Ser-net
DST SRC
DMacISRv SMac Payld
ISRv routes the frame to WAN GE
SRC
8.
Resource (CPU)
Management
Understanding CPU Resources – Hyper threading
Enabled
Socket 0
Core 1
CPU #1 CPU #2
Core 4 Core 2
CPU #7 CPU #8 CPU #3 CPU #4
Core 3
CPU #5 CPU #6
• Logical CPU (vCPU): (socket, Core, CPU-id)

• Ex: Logical CPU 5 – (0, 3, 1)
Understanding CPU Resources – Hyper threading
Disabled
Socket 0
Core 1
CPU #1
Core 4 Core 2
CPU #7 CPU #2
Core 3
CPU #3
VM Types
• Low-latency VM & non low-latency VM
• It is a flag (true or false) in image properties
• Low-latency VM
• Intend to provide predictable and guaranteed services
• Requires one dedicated physical Core for each VCPU
• Router (ISRv), Firewall (ASAv), vWAAS
• Non low-latency VM
• Don’t require dedicated physical core for each of VCPU
• Oversubscription allowed for non low-latency VMs
• 1 logical CPU can be shared by multiple VCPUs of non low-latency VM
• Tiny Linux, win2k
How CPUs are assigned
• Physical cores (/ logical CPUs) are assigned to VM based on the
number of VCPUs requested when VM is deployed or updated
• System Usage
• 1 CPU Core is reserved
• low-latency VM
• Dedicate 1 physical Core to 1 VCPU. The logical CPUs on this physical core can
not be assigned to any other VCPU anymore
• non low-latency VM
• Assign 1 logical CPU to 1 VCPU. This logical CPU can be shared by other VCPU
of non low-latency VM
vCPU Allocations
Socket-0
• ISRv – 4 vCPUs (low-latency)
Core-0 Cpu-0 Sys Reserved Cpu-8 Sys Reserved
• ASAv – 2 vCPUs (low-latency) Core-1 Cpu-1 Linux (vcpu-0), Win Cpu-9 Linux (vcpu-1)
• Linux – 2 vCPUs (non low- Core-2 Cpu-2 ASAv (vcpu-1) Cpu-10 ASAv (reserved)
latency) Core-3 Cpu-3 ASAv (vcpu-0) Cpu-11 ASAv (reserved)
• Windows – 1 vCPUs (non low- Core-4 Cpu-4 ISRv (vcpu-3) Cpu-12 ISRv (reserved)
latency) Core-5 Cpu-5 ISRv (vcpu-2) Cpu-13 ISRv (reserved)
Core-6 Cpu-6 ISRv (vcpu-1) Cpu-14 ISRv (reserved)
Core-7 Cpu- 7 ISRv (vcpu-0) Cpu-15 ISRv (reserved)
Plan VM deployment
• Deploy low-latency VMs first
• Use API to pre-check CPU resources before deploying a VM or
updating a VM
• Stop deploying / updating if there is not sufficient CPU resources
• Check CPU allocation and CPU assignment
View CPU Allocation
CPU – vCPU Assignment Example
Designing and
Provisioning using DNA
Center
Common
Orchestration and
Management across

network
VNF and Application

ISRv ASAv WAAS vWLC
… VNFn
App1 App2
… Appn support
Software host
API
Interface
Platform
Virtual
Switching
managing
virtualization and
hardware

Sizes
What’s DNA Center
• Appliance Server
• Enhanced APIC-EM
• Network Design
• Proactive Assurance
• Policy
• Automated Provisioning
Design
Supported Platform
Supported NFVIS Devices in DNA Center

• ENCS5100 , ENCS5400
• UCSC- 220 M4 Rack Server
• UCS-E 140S-M2/K9 on ISR4331, UCS-E160D-M2/K9 on ISR4351 & UCS-E180D-M2/K9

on ISR4451
• ISR 4321, 4331, 4351 ,4431, 4451
Design
Image Repository
Network Settings
IOS
DHCP Site WAAS

ASA
DNS
Address Pools
Credentials Network Profile

SP Profile Services (ISRv, ASAv)
H/W Platform
Platform LAN
Network Settings & Image Repository
• DHCP, DNS, NTP, Syslog and SNMP Server for that Site
• Credentials
• CLI
• SNMP
• HTTP (Read & Write) – UI Credential of NFVIS
• IP Address Pools (LAN, Service, Management & WAN-Internal)
• SP Profile – Needed but reserved for future
• Image Repository – Upload ISRv, ASAv, vWAAS or 3rd Party images
Network Profile
• Router WAN Configuration

• SP Profile Selection
• Devices for provisioning (Max. of 2)
• Device Type
• Services
• Select desired VNF
• Max 4 Custom Applications
• Max 4 Custom Networks
Network Profile
• Router LAN Configuration

• L2 mode for VLAN
• L3 supports OSPF & EIGRP
• ENCS Switch Configuration

• L2 mode for Integrated Switch
• Access or Trunk mode
Summary
• Detailed summary of the profile is
available
• Each device selection populates the
configuration details
• Hardware recommendation provided
depending on the profile configuration
Provision
Device Discovery for Provisioning
Discovery
Inventory – Not
Inventory - Claim device to site Provisioned
PnP Unclaimed Ready for
provisioning
Inventory –
Discovery
Not
Wizard
Provisioned
Provisioning Workflow
Choose the Router WAN
• WAN Interface Configuration
• Services Configuration
device and Profile Configuration • Lan-Net, Mgmt-Net, Service-Net Selection
Router LAN • Choose interfaces

Configuration • Choose Network
Custom
Configuration • Custom Template Selection
Summary
Provision Sites
• Multiple site deployments are supported

for similar device types
• All these sites should belong to the same
profile
• Max 10 device can be deployed
• If device type of the selected device is

supported then it will navigate to ENFV
provision UI screens
• Select the device & go through the
provision workflow
Troubleshooting
Platform troubleshooting
CLI – tech-support
• CLI Command ‘tech-support’ collects all relevant logs from the
system. Output at /data/intdatastore/tech-support
• ‘show system file-list’ – gives location of the file
GUI – tech-support
Service Status
Port Spanning
• Interfaces
• Physical Interface
• LAN SRIOV
• VM’s vNIC
• Sample Configuration
• configure terminal
monitor session 1
bridge wan-br
source interface GE0-0
destination vm-vnic Linux2 0
commit
Port Spanning
• Verification
• Show system monitor session
• system monitor session 1
bridge wan-br
destination_vlan "“
destination_interface vnic0
source_vlans "“
source_rx_interfaces "GE0-0“
source_tx_interfaces "GE0-0“
source_all false
statistics "tx_bytes=142660, tx_packets=1380"
Packet Capture - CLI
• Packet capture on a physical port
• tcpdump port eth0
• Output: pcap-location
/data/intdatastore/pktcaptures/tcpdump_eth0.pcap
• Packet capture on a vNIC:
• tcpdump time 10 vnic tenant-name admin deployment-name rcdn5-4-
rcdn5408-isrv vm-name rcdn5-4-rcdn5408-isrv vnic-id 3
• Output: pcap-location /data/intdatastore/pktcaptures/rcdn5-4-
rcdn5408-isrv_rcdn5-4-rcdn5408-isrv_vnic3.pcap
Packet Capture - GUI
Host System Monitoring
Changing default int-mgmt-net network
• Default subnet 10.20.0.0 clashing with existing network
• Changing the subnet process
• Need NFVIS 3.7.1 or above
• Remove any VMs
• Commands
• Config
• no vm_lifecycle networks network int-mgmt-net subnet int-mgmt-subnet
• vm_lifecycle networks network int-mgmt-net
• subnet address 20.30.25.0 gateway 20.30.0.1 netmask 255.255.255.0
• commit
Troubleshooting VM
related issues
Image Registration Logs
Image Registration Logs - Success
Image Registration Logs - Failure
NFVIS Notification - GUI
NFVIS Notification - CLI
• Gives information on event changes in the system
• NFVIS sends notifications for
• vmlcEvents (VM Lifecycle)
• nfvisEvents (NFVIS)
rcdn5408B# show notification stream vmlcEvent last 1
notification
eventTime 2018-05-04T03:38:46.063+00:00
vmlcEvent
status FAILURE
status_code 500
status_message Image creation failed. VIM Driver: "Mismatched checksum found for: image_properties.xml please verify
the file contents. Expected:58c91998e9822cc5b6c6d342d704bef29434a1e8
Actual:508bee6bef9a58660e99e313b31f59252a57e9af"
user_name admin
image isrv-universalk9.16.6.02.tar.gz
vmlcEvent event
type CREATE_IMAGE
rcdn5408B#
Deployment Troubleshooting
• Low Latency – One dedicated physical core for each vCPU
Deployment Troubleshooting
vcpu count unavailable
Provisioning
Troubleshooting
Pnp Status - CLI
show pnp status
Pnp Logs
Pnp troubleshooting -Normal
• 2018-05-01 16:52:53,842 - AGENT - INFO - Server work request:2018-05-01 16:52:53,842 - AGENT - INFO - <?xml version='1.0'
encoding='UTF-8'?><pnp xmlns="urn:cisco:pnp" version="1.0" udi="PID:ENCS5408/K9,VID:V01,SN:FGL2031106P" usr="admin"
pwd="********" noCheckTime="60" postReloadPriv="ztd"><request xmlns="urn:cisco:pnp:config-upgrade" correlator="Cisco-PnP-
1.0-15-f727fd20-eaa1-433d-85ee-c4d6d2273610-1"><config
details="errors"><copy><source><uri>api/v1/file/onetimedownload/35d3c76a-c1ba-4d09-80b6-
423434882b03</uri></source></copy></config><noReload xsitype="xs:string"></noReload></request></pnp>2018-05-01
16:52:53,842 - AGENT - INFO - *** Receive Server Request ***: type config-upgrade
• 2018-05-01 16:52:54,461 - AGENT - INFO - *** Client Work Response ***:2018-05-01 16:52:54,461 - AGENT - INFO - <?xml
version="1.0" encoding="UTF-8"?><pnp xmlns="urn:cisco:pnp" version="1.0" udi="PID:ENCS5408/K9,VID:V01,SN:FGL2031106P"
sid="a5d8a46c-d22a-4aaf-83df-6bc8c74541b0"><response xmlns="urn:cisco:pnp:config-upgrade" success="1" correlator="Cisco-
PnP-1.0-15-f727fd20-eaa1-433d-85ee-c4d6d2273610-1"/></pnp>
• 2018-05-01 16:52:54,744 - AGENT - INFO - *** Server Response ***2018-05-01 16:52:54,744 - AGENT - INFO - <?xml
version='1.0' encoding='UTF-8'?><pnp xmlns="urn:cisco:pnp" version="1.0"
udi="PID:ENCS5408/K9,VID:V01,SN:FGL2031106P"><info xmlns="urn:cisco:pnp:work-info" correlator="Cisco-PnP-1.0-15-f727fd20-
eaa1-433d-85ee-c4d6d2273610-1"><workInfo><bye></bye></workInfo></info></pnp>
Pnp troubleshooting - Problem
• 2018-05-01 16:53:09,363 - AGENT - INFO - Server work request:2018-05-01 16:53:09,364 - AGENT - INFO - <?xml version='1.0'
encoding='UTF-8'?><pnp xmlns="urn:cisco:pnp" version="1.0" udi="PID:ENCS5408/K9,VID:V01,SN:FGL2031106P" usr="admin"
pwd="********"><request xmlns="urn:cisco:pnp:backoff" correlator="Cisco-PnP-1.0-18-1add7b59-bd4c-4f0b-970f-35382df5fe75-
1"><backoff><reason>Routine
backoff</reason><callbackAfter><hours>48</hours><minutes>0</minutes><seconds>0</seconds></callbackAfter></backoff></reque
st></pnp> 2018-05-01 16:53:09,364 - AGENT - INFO - *** Receive Server Request ***: type backoff
• 2018-05-01 16:53:09,367 - AGENT - INFO - *** Client Work Response ***:2018-05-01 16:53:09,367 - AGENT - INFO - <?xml
version="1.0" encoding="UTF-8"?><pnp xmlns="urn:cisco:pnp" version="1.0" udi="PID:ENCS5408/K9,VID:V01,SN:FGL2031106P"
sid="a5d8a46c-d22a-4aaf-83df-6bc8c74541b0"><response xmlns="urn:cisco:pnp:backoff" success="1" correlator="Cisco-PnP-1.0-
18-1add7b59-bd4c-4f0b-970f-35382df5fe75-1"><callbackAfter>172800</callbackAfter></response></pnp>
• 2018-05-01 16:53:09,643 - AGENT - INFO - *** Server Response ***2018-05-01 16:53:09,643 - AGENT - INFO - <?xml
version='1.0' encoding='UTF-8'?><pnp xmlns="urn:cisco:pnp" version="1.0"
udi="PID:ENCS5408/K9,VID:V01,SN:FGL2031106P"><info xmlns="urn:cisco:pnp:work-info" correlator="Cisco-PnP-1.0-18-
1add7b59-bd4c-4f0b-970f-35382df5fe75-1"><workInfo><bye></bye></workInfo></info></pnp>
DNA Center - Provisioning Status
DNA Center Logs
• DNA Center Login: ssh -p 2222 maglev@<dnac-ip>

 Enfv – ‘magctl service logs -r nfv-provisioning-service’
 Swim – ‘magctl service logs –r swim-service’
 Inventory – ‘magctl service logs –r apic-em-inventory-manager-service’
 PnP: ‘magctl service logs –r pnp-service’
Agenda
• Enterprise NFV
• NFVIS Architecture
• VM Life Cycle
• Designing and Provisioning
using DNA Center
• Troubleshooting
Complete your online session evaluation
Give us your feedback to be entered

into a Daily Survey Drawing.
Complete your session surveys through
the Cisco Live mobile app or on
www.CiscoLive.com/us.
Don’t forget: Cisco Live sessions will be available for viewing
on demand after the event at www.CiscoLive.com/Online.
Continue
your Demos in
the Cisco
Walk-in
self-paced
Meet the
engineer
Related
sessions
education campus labs 1:1
meetings BRKARC-2014
BRKCRS-3447
BRKRST-2557
#CLUS Presentation ID © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 117
Thank you
#CLUS

Brkarc 2012 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Brkarc 2012 PDF

Uploaded by

Copyright:

Available Formats

Enterprise Network

Webex Teams will be moderated cs.co/ciscolivebot#BRKARC-2012

Multiple Devices Difficult to Manage Costly to Operate

Centralized orchestration and management

Consistent, trusted network services across all the platforms

Hardware and software independence

Centralized Orchestration and Management

Network Functions Virtualization Infrastructure Software (NFVIS)

ISR 4000 + Enterprise Network UCS C-Series or

Traditional Branch Virtualized Branch

4000 Series ISR + Enterprise Network

Upgradable hardware Elastic routing and services

Enterprise Network Compute System

ENCS 5100 Series

ENCS 5400 Series

ENCS 5104 ENCS 5406 ENCS 5408 ENCS 5412

Hardware Acceleration for

HW offload for Software

Cellular, T1, Dual-PHY

Size: 1 RU 16 & 32 GB 4-Core AMD M.2 Storage

Integrated Console 4 GE ports 2 x USB 3.0

DNA Center / Network Service Orchestrator virtual & physical

VNF and Application

ISR-4K + UCS-E ENCS UCS x86 Server Various Host options

NFVIS = Network Function Virtualization Infrastructure Software

CLI NETCONF REST

Image Web VM Life Cycle Cluster

Storage Resource Service Host Statistics

CentOS Linux 7.3 + KVM + Kernel Drivers

PnP Agent in NFVIS

Branch Data Center

* - Network Services Orchestrator (NSO) can also be used

• PnP Discovery Priority

ip dhcp pool P_ENCS_18375

ip dhcp pool P_ENCS_18375

wan-br lan-br mgmt-br

ucse x/0/1 ucse x/0/0

• NFVIS can be accessed by default by either WAN or LAN networks

GE0 GE2 GE3 GE4 GE5 GE1

• NFVIS can be accessed by default by either WAN or LAN networks

1. Entire x86 Host

5. VNFs or any of their software VF

• On VNF failure detection, NFVIS can auto-restart the VNF

• Downtime experienced will depend on the VNF boot up time

• Can still run the branch off one hardware

VNF Failure Protection

ISRv WAAS ASAv Windows Linux

wan-net inet-net service-net lan-net mgmt-net

wan-br inet-br service-br lan-br mgmt-br

Hypervisor (KVM) Hypervisor (KVM)

wan-br inet-br service-br mgmt-br wan-br inet-br service-br lan-br mgmt-br

IoT WLC Windows 3rd Party vFP(t)

GE1 GE2 GE1 GE2

• Register the upgrade image

• Verify registered image

• Upgrade registered image

DNA Center / Network Service Orchestrator virtual & physical

VNF and Application

ISR-4K + UCS-E ENCS UCS x86 Server Various Host options

NFVIS = Network Function Virtualization Infrastructure Software

• Bootstrap Configuration file (ovf-conf.xml)

• nfvpt.py -o asav961-201 -i asav961-201.qcow2 -n ASAv -t firewall -r 961-201 --monitored

Port Forwarding for access