Published On: August 6ᵗʰ, 2019 02:10

Cisco Enterprise Network Function Virtualization Infrastructure Software Configuration Guide, Release 3.10.1

Installation Prerequisites

Ensure that the following prerequisties are met:

  • The IP address is configured for Cisco Integrated Management Controller (CIMC) as well as a login account with administrative privileges.

  • The login account is set up with administrative privileges.

  • The installation media for Cisco Enterprise NFVIS has an ISO image.

  • The IP address of the system (required for remote access) is available.

  • Hyper-threading is enabled in BIOS. By default, hyper-threading is enabled in BIOS on the UCS-C, UCS-E and ENCS platforms.


Note

The installation steps are slightly different for Cisco UCS and Cisco ENCS platforms. See the following sections for details:


Installing Cisco Enterprise NFVIS on the Cisco UCS C220 M4 Rack Server or Cisco CSP 2100

Installing Cisco Enterprise NFVIS on Cisco UCS E-Series Servers

Installing Cisco Enterprise NFVIS on a Cisco ENCS 5100 and 5400

Assumptions

  • The user is familiar with the supported hardware device, CIMC, Cisco Network Plug and Play, and Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM).

  • The initial setup of the hardware device is complete, and the device is ready for loading Cisco Enterprise NFVIS.

  • The user is familiar with general Linux installation.

For more details on the supported hardware devices, see respective documentation available on Cisco.com.

Image Signing and Verification

Cisco Enterprise NFVIS supports RPM signing and signature verification for all RPM packages in the ISO and upgrade images. You can also verify the integrity of the Cisco Enterprise NFVIS ISO and upgrade images.

RPM Signing

All RPM packages in the Cisco Enterprise NFVIS ISO and upgrade images are signed to ensure cryptographic integrity and authenticity. This guarantees that the RPM packages have not been tampered with and the RPM packages are from Cisco Enterprise NFVIS. The private key, used for signing the RPM packages, is created and securely maintained by Cisco.

RPM Signature Verification

Cisco Enterprise NFVIS verifies all RPM packages during installation or upgrade. The following table describes the Cisco Enterprise NFVIS behavior when the signature verification fails during installation or upgrade.

Scenario

Description

Cisco Enterprise NFVIS 3.7.1 installation

If the signature verification fails while installing Cisco Enterprise NFVIS, the installation is aborted.

Cisco Enterprise NFVIS upgrade from 3.6.x to Release 3.7.1

The RPM signatures are verified when the upgrade is being performed. If the signature verification fails, an error is logged but the upgrade is completed.

Cisco Enterprise NFVIS upgrade from Release 3.7.1 to later releases

The RPM signatures are verified when the upgrade image is registered. If the signature verification fails, the upgrade is aborted.

Image Integrity Verification Using sha256sum

RPM signing and signature verification can be done only for the RPM packages available in the Cisco NFVIS ISO and upgrade images. To ensure the integrity of all additional non-RPM files available in the Cisco NFVIS ISO image, a hash of the Cisco NFVIS ISO image is published along with the image. Similarly, a hash of the Cisco NFVIS upgrade image is published along with the image. To verify that the hash of Cisco NFVIS ISO image or upgrade image matches the hash published by Cisco, run the following command and compare the hash with the published hash:

% /usr/bin/sha256sum ImageFile
4db533d96d8705db8af904ab754349151adea504b81337155cc591c6203e3295 ImageFile

Entering BIOS Setup


Note

This section applies only to ENCS 5400 and UCS-E series routers.


When you enter the BIOS setup for the first time, ensure that you secure the BIOS by setting up an admin-level and a user-level password. You have to set up the admin password when you access the BIOS menu for the first time. The user password (which only gives access to a small subset of BIOS options) must be set inside the BIOS setup menu.

To set up the admin password, press F2 when the system boots up. You will be prompted to set the password.

To set up the user password, after you log in, go to the ‘Security’ tab and set the password.

Installing Cisco Enterprise NFVIS on the Cisco UCS C220 M4 Rack Server or Cisco CSP 2100

This section provides information about a series of tasks you need to perform to install Cisco Enterprise NFVIS on a Cisco UCS C220 M4 Rack Server or Cisco CSP 2100.

Logging Into the CIMC GUI

Before you begin

  • Make sure that you have configured the IP address to access CIMC.

  • If not installed, install Adobe Flash Player 10 or later on your local system.

For details on how to configure an IP address for CIMC, see the Set up CIMC for UCS C-Series Server guide on cisco.com.

Procedure


Step 1

In your web browser, enter the IP address that you configured to access CIMC during initial setup.

Step 2

If a security dialog box displays, do the following:

  1. Optional: Select the check box to accept all content from Cisco.

  2. Click Yes to accept the certificate and continue.

Step 3

In the log in window, enter your username and password.

When logging in for the first time to an unconfigured system, use admin as the username and password as the password.

Step 4

Click Log In.

The Change Password dialog box only appears the first time you log into CIMC.

Step 5

Change the password as appropriate and save.

The CIMC home page is displayed.


Activating a Virtual Device

You will have to launch the KVM Console to activate virtual devices.

Before you begin

Ensure that you have the Java 1.6.0_14 or a higher version installed on your local system.

Procedure


Step 1

Download the Cisco Enterprise NFVIS image from a prescribed location to your local system.

Step 2

From CIMC, select the Server tab, and click Launch KVM Console.

Note 

A JNLP file will be downloaded to your system. You must open the file immediately after it is downloaded to avoid the session timeout.

Step 3

Open the renamed .jnlp file. When it prompts you to download Cisco Virtual KVM Console, click Yes. Ignore all security warnings and continue with the launch.

The KVM Console is displayed.

Step 4

From the Virtual Media menu on the KVM Console, select Activate Virtual Devices.

If prompted with an unencrypted virtual media session message, select Accept this session, and click Apply. The virtual devices are activated now.


Mapping the Cisco Enterprise NFVIS Image

Procedure


Step 1

From the Virtual Media menu on the KVM Console, select Map CD/DVD....

Step 2

Browse for the installation file (ISO) on your local system, and select it .

Step 3

Click Map Device.

The ISO image file is now mapped to the CD/DVD.

Installing Cisco Enterprise NFVIS on Cisco UCS E-Series Servers

Before you begin

  • Configure the UCS E interface on the Cisco ISR router.

  • Configure the Gigabit Ethernet interface on the Cisco ISR router.

  • Ensure that you have the IP address configured for CIMC access as well as a login account with administrative privileges.

  • Ensure that the Cisco UCS E server has one of the following supported firmware versions or above:

    • BIOS UCSED.2.5.0.3 or later for UCS-E160D-M2/K9 and UCS-E180D-M2/K9

    • BIOS UCSES.1.5.0.5 or later for UCS-E140S-M2/K9

For more details on how to perform the basic configuration on the Cisco ISR routers, see the following guides:

For details on how to configure an IP address for CIMC, see the Getting Started Guide for Cisco UCS E-Series Servers, Release 1.0 on cisco.com.

Procedure


Step 1

Log into CIMC.

For details, see Logging Into the CIMC GUI

Step 2

From the Server tab, click Launch KVM Console.

The KVM Console opens in a separate window.
Step 3

From the KVM console, click the Virtual Media tab.

Step 4

In the Virtual Media tab, map the virtual media using either of the following methods:

  1. Select the Mapped check box for the CD/DVD drive containing the operating system.

  2. Click Add Image, browse, and select the Cisco Enterprise NFVIS ISO image, click Open to mount the image, and then select the Mapped check box for the mounted image.

You must keep the Virtual Media tab open during the installation process. Closing the tab unmaps all virtual media.

Step 5

From the Server tab, select BIOS.

Step 6

From the BIOS Actions area, select Configure Boot Order.

The Configure Boot Order dialog box appears.
Step 7

From the Device Types area, select CD/DVD Linux Virtual CD/DVD, and then click Add.

Step 8

Select HDD PCI RAID Adapter, and then click Add.

Step 9

Set the boot order sequence using the Up and Down options. The CD/DVD Linux Virtual CD/DVD boot order option must be the first choice.

Step 10

Click Apply to complete the boot order setup.

Step 11

Reboot the server by selecting the Power Off Server option from the Server Summary page in CIMC.

Step 12

After the server is down, select the Power On Server option in CIMC.

When the server reboots, the KVM console will automatically install Cisco Enterprise NFVIS from the virtual CD/DVD drive. The entire installation might take 30 minutes to one hour to complete.

Step 13

After the installation is complete, the system is automatically rebooted from the hard drive. Log into the system when the command prompt changes from "localhost" to "nfvis" after the reboot.

Wait for some time for the system to automatically change the command prompt. If it does not change automatically, press Enter to manually change the command prompt from "localhost" to "nfvis". Use admin as the login name and Admin123# as the default password.
Note 

The system prompts you to change the default password at the first login attempt. You must set a strong password as per the on-screen instructions to proceed with the application. You cannot run API commands or proceed with any tasks unless you change the default password at the first login. API will return 401 unauthorized error if the default password is not reset.

Step 14

You can verify the installation using the System API or by viewing the system information from the Cisco Enterprise NFV portal.


What to do next

You can verify the default configuration, and set up initial IP configuration to launch the Cisco Enterprise NFV portal. For details, see Performing Initial System Configuration.

Sample Configuration on the Cisco ISR Router to Bring Up a Cisco UCS E Server

The following sample configuration shows the basic configuration performed on the Cisco ISR 4451 router with DHCP enabled.



Last configuration change at 02:36:37 UTC Thu Feb 18 2016
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname NFVIS-ISR4451
!
boot-start-marker
boot system bootflash:isr4300-universalk9.03.16.01a.S.155-3.S1a-ext.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
no aaa new-model
!
!
!
ip domain name cisco.com
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
license udi pid ISR4331/K9 sn FDO192207MN
!
!
ucse subslot 1/0
 imc access-port shared-lom console
 imc ip address 172.19.183.172 255.255.255.0 default-gateway 172.19.183.1 
!
spanning-tree extend system-id
!
!
redundancy
 mode none
!
!
!
vlan internal allocation policy ascending
!
!
! 
interface GigabitEthernet0/0/0
 ip address 172.19.183.171 255.255.255.0
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
!
interface ucse1/0/0
 ip unnumbered GigabitEthernet0/0/0
 negotiation auto
 switchport mode trunk
 no mop enabled
 no mop sysid
!
interface ucse1/0/1
 no ip address
 no negotiation auto
 switchport mode trunk
 no mop enabled
 no mop sysid
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Vlan1
 no ip address
 shutdown
!
ip default-gateway 172.19.183.1
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 172.19.183.1
ip route 172.19.183.172 255.255.255.255 ucse1/0/0
ip ssh version 2
!
!
!

control-plane
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password lab
 login local
 transport input all
 transport output all
!
!
end


Installing Cisco Enterprise NFVIS on a Cisco ENCS 5100 and 5400


Note

Software or hardware RAID controller setup is not supported with Cisco ENCS in Cisco Enterprise NFVIS Release 3.5.1.

Before you begin

  • Make sure that you have configured the IP address to access CIMC.

  • If not installed, install Adobe Flash Player 10 or later on your local machine.

For details on how to configure an IP address for CIMC, see the Set up CIMC for UCS C-Series Server and Getting Started Guide for Cisco UCS E-Series Servers and the Cisco UCS E-Series Network Compute Engine on cisco.com.

Procedure


Step 1

In your web browser, enter the IP address that you configured to access CIMC during initial setup.

Step 2

If a security dialog box displays, do the following:

  1. Optional: Select the check box to accept all content from Cisco.

  2. Click Yes to accept the certificate and continue.

Step 3

In the Log in window, enter your username and password.

When logging in for the first time to an unconfigured system, use admin as the username and password as the password.

Step 4

Click Log In.

The Change Password dialog box only appears the first time you log into CIMC.

Step 5

Change the password as appropriate and save.

The CIMC home page is displayed.

Step 6

From the CIMC Server tab, select Summary, and click Launch KVM Console.

The KVM Console opens in a separate window.
Step 7

From the Virtual Media menu on the KVM Console, select Activate Virtual Devices .

If prompted with an unencrypted virtual media session message, select Accept this session, and click Apply. The virtual devices are activated now.

Step 8

From the Virtual Media menu on the KVM Console, select Map CD/DVD.

Step 9

Browse for the installation file (ISO) on your local system, and select it.

Step 10

Click Map Device.

The ISO image file is now mapped to the CD/DVD.
Step 11

From the CIMC Server tab, select BIOS.

Step 12

From the BIOS Actions area, select Configure Boot Order.

The Configure Boot Order dialog box appears.
Step 13

From the Device Types area, select CD/DVD Linux Virtual CD/DVD, and then click Add.

Step 14

Select HDD, and then click Add.

Step 15

Set the boot order sequence using the Up and Down options. The CD/DVD Linux Virtual CD/DVD boot order option must be the first choice.

Step 16

Click Apply to complete the boot order setup.

Step 17

Reboot the server by selecting the Power Off Server option from the Server Summary page in CIMC.

Step 18

After the server is down, select the Power On Server option in CIMC.

When the server reboots, the KVM console will automatically install Cisco Enterprise NFVIS from the virtual CD/DVD drive. The entire installation might take 30 minutes to one hour to complete.

Step 19

After the installation is complete, the system is automatically rebooted from the hard drive. Log into the system when the command prompt changes from "localhost" to "nfvis" after the reboot.

Wait for some time for the system to automatically change the command prompt. If it does not change automatically, press Enter to manually change the command prompt from "localhost" to "nfvis". Use admin as the login name and Admin123# as the default password.

Note 

The system prompts you to change the default password at the first login. You must set a strong password as per the on-screen instructions to proceed with the application. You cannot run API commands or proceed with any tasks unless you change the default password at the first login. API will return 401 unauthorized error if the default password is not reset.

Step 20

You can verify the installation using the System API or by viewing the system information from the Cisco Enterprise NFVIS portal.


Installing Cisco Enterprise NFVIS on a Cisco ENCS 5104

Procedure


Step 1

Create bootable usb with NFVIS image.

In this example, we used rufus utility in Windows environment. Rufus utility can be downloaded https://rufus.akeo.ie/. For this example, following parameters were used to burn bootable NFVIS USB device:
  • Device: USB stick

  • Partition scheme: MBR

  • Filesystem: FAT32

  • Cluster size: use default

  • Volume label: use default

  • Quick format: checked

  • Create bootable: select "ISO Image" and click next icon then choose NFVIS image.

  • Create extended label: checked

Press Start and wait for completion.

Eject USB thumb drive

Step 2

Insert USB device in one of USB slot in ENCS5104.

Step 3

Power on system.

Step 4

During system boot up, press F6 key.


Press <DEL> or <F2> to enter setup, <F6> Boot Menu, <F12> Network Boot in 5 seconds or press any key to continue.
Step 5

Once you press F6, you will see the following screenshot to select which device you want to boot from. Select your USB device.

In the following screenshot example, there is STEC USB being used. That display will vary depending on your usb device vendor. Use the arrow key to select that device.

Step 6

Wait until installation is completed. System will be rebooted once installation is done.

Step 7

Log into the system with username admin and Admin123# as a default password

Step 8

You will be prompted and asked to change password at the first login. You must set a strong password per the on-screen instruction to proceed.

Step 9

You can verify the installation status using the System API or command line interface per the NFVIS user guide.


What to do next

You can verify the default configuration, and set up initial IP configuration to launch the Cisco Enterprise NFV portal. For details, see Performing Initial System Configuration.