Published On: October 24ᵗʰ, 2019 16:20

Cisco Enterprise Network Function Virtualization Infrastructure Software Configuration Guide, Release 3.12.1

This chapter provides details on the following deployment scenarios using REST APIs. As an example, the Cisco ENCS is used to illustrate these scenarios.

  • Single VM deployment

  • Service chaining with two VMs

  • Service chaining of multiple VMs with Windows or Linux servers

The following VM images are used to explain the deployment scenarios:

  • Cisco Integrated Services Router (ISRv): isrv-03.16.02

  • Cisco Adaptive Security Virtual Appliance (ASAv): asav951-201

  • Linux server: ubuntu-14.04.3-server-amd64-disk1

Registering VM Images

You must register all VM images before deploying them.


Note

Register all the VM images required for the VM deployment depending on the topology. A VM image registration is done only once per VM image. You can perform multiple VM deployments using the registered VM image.


To register a Cisco ISRv image:

  1. Set up an HTTP/HTTPS server to host the VM image, or upload the image to the NFVIS server using the local portal or the scp command.

  2. Register the Cisco ISRv image using the following API method:

    
    
    curl -k -v -u admin:admin -H Accept:application/vnd.yang.data+xml -H Content-Type:application/vnd.yang.data+xml -X POST \
      "https://<NFVIS_IP>/api/config/vm_lifecycle/images" \
      -d '<image><name>isrv-k9.16.03.01</name><src>http://filename_with_full-path-of-the-file/isrv-universalk9.16.03.01.tar.gz</src></image>'
                      
    
    
  3. Verify the image status using the following API method:

    
    curl -k -v -u admin:admin -H Accept:application/vnd.yang.data+xml -H Content-Type:application/vnd.yang.data+xml -X GET \
      "https://<NFVIS_IP>/api/operational/vm_lifecycle/opdata/images/image/isrv-k9.16.03.01?deep"
    
    
    
  4. Now, repeat Steps 1 to 3 to register the Cisco ASAv and Linux server images. Ensure that you provide the exact image name and source file location when running the API commands.


Note

You can run API commands from any console/server that can reach Cisco Enterprise NFVIS.
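The registration call from step 2 with the two weak points of the curl form changed: TLS is verified against a CA file rather than skipped with -k, and the credentials are read from the environment rather than typed on the command line. This is an added example, not code from the Cisco guide; the host name, CA file path, image URL and the NFVIS_USER / NFVIS_PASSWORD variable names are assumptions.

```python
import base64
import os
import ssl
import urllib.request
from xml.sax.saxutils import escape

MEDIA_TYPE = "application/vnd.yang.data+xml"  # media type used by the curl calls above


def image_payload(name, src):
    """Build the <image> body, escaping XML metacharacters in both values."""
    return f"<image><name>{escape(name)}</name><src>{escape(src)}</src></image>".encode()


def build_request(nfvis_host, user, password, name, src):
    """Prepare the POST from step 2 without sending it."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{nfvis_host}/api/config/vm_lifecycle/images",
        data=image_payload(name, src),
        method="POST",
        headers={"Accept": MEDIA_TYPE, "Content-Type": MEDIA_TYPE,
                 "Authorization": f"Basic {token}"},
    )


def register_image(nfvis_host, ca_file, name, src):
    """Send the request over TLS that is verified against ca_file only."""
    ctx = ssl.create_default_context(cafile=ca_file)  # chain and host name checks stay on
    req = build_request(nfvis_host, os.environ["NFVIS_USER"],
                        os.environ["NFVIS_PASSWORD"], name, src)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.status


if __name__ == "__main__":
    # Hypothetical values: host name, CA file and image URL are placeholders.
    print(register_image("nfvis.example.net", "/etc/ssl/nfvis-ca.pem", "isrv-k9.16.03.01",
                         "https://images.example.net/isrv-universalk9.16.03.01.tar.gz"))
```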


Image Registration - Certificate Validation

For image registration, you can validate images that are securely downloaded from an HTTPS-enabled web server. The certificate used to authenticate the image is supplied either as a raw text string or as a .cert file.

To register an image without certificate validation:


    configure terminal
    vm_lifecycle images image cert_test certificate_validation false src https://172.20.117.124/nfvis/isrv-universalk9.16.06.05.tar.gz
    commit

To register an image with certificate validation using a certificate file:


    configure terminal
    vm_lifecycle images image cert_test certificate_validation true certificate_file file:///data/intdatastore/uploads/brag.cert src https://172.20.117.124/nfvis/isrv-universalk9.16.06.05.tar.gz
    commit

To register an image with certificate validation using raw certificate file contents:


    configure terminal
    vm_lifecycle images image cert_test certificate_validation true src https://172.20.117.124/nfvis/isrv-universalk9.16.06.05.tar.gz
    certificate_string
    (<AES encrypted string>): "-----BEGIN CERTIFICATE-----MIID2TCCAsGgAwIBAgIJAOySjdTedBEyMA0GCSqG...-----END CERTIFICATE-----"
    commit
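One way to obtain and check the certificate before registering with certificate_validation true, as an added example that is not from the Cisco guide: it fetches the certificate the image server presents, accepts it only if its SHA-256 fingerprint matches a value obtained out of band, and produces the single-line form shown in the certificate_string example. It assumes the certificate to register is the one the image server presents; the function names and the sample PEM are constructed for this illustration.

```python
import hashlib
import ssl

# Constructed sample in PEM framing; the body is filler bytes, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nQUJD\nREVG\n-----END CERTIFICATE-----\n"


def fingerprint_and_string(pem_text):
    """Return (colon-separated SHA-256 fingerprint, single-line PEM) for one certificate."""
    pem_text = pem_text.strip()
    der = ssl.PEM_cert_to_DER_cert(pem_text)  # raises ValueError on bad PEM framing
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    one_line = "".join(line.strip() for line in pem_text.splitlines())
    return fingerprint, one_line


def pinned_certificate(host, expected_fingerprint, port=443):
    """Fetch the server certificate; return it only if it matches the expected pin."""
    pem = ssl.get_server_certificate((host, port))  # fetched without chain validation
    fingerprint, one_line = fingerprint_and_string(pem)
    wanted = expected_fingerprint.replace(":", "").upper()
    if fingerprint.replace(":", "") != wanted:
        raise ValueError(f"certificate from {host} does not match the expected fingerprint")
    return pem, one_line


if __name__ == "__main__":
    print(fingerprint_and_string(SAMPLE_PEM))
```

The PEM text returned by pinned_certificate can be saved as the .cert file, and the single-line string is the alternative input for certificate_string.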

Single VM Deployment

In this example, a Cisco ISRv image with three network interfaces is deployed. The following diagram illustrates the deployment topology:

Figure 1. Single VM Deployment

Steps for Deploying a VM

To deploy a Cisco ISRv image:

  1. Verify that all networks required for your deployment are configured.

    
    curl -k -v -u admin:admin -H content-type:application/vnd.yang.data+xml -X GET \
      "https://<NFVIS_IP>/api/config/networks?deep"
    
    
    
  2. Before deploying the VM, you can perform a resource check to ensure that you have sufficient resources for the deployment.

    
    curl -k -v -u "admin:admin" -X GET \
      "https://<NFVIS_IP>/api/operational/resources/precheck/vnf/newvnf,isrv-small,true?deep"
    
    
  3. Deploy the Cisco ISRv VM.

    
    curl -k -v -u admin:admin -H Accept:application/vnd.yang.data+xml -H Content-Type:application/vnd.yang.data+xml -X POST \
      "https://<NFVIS_IP>/api/config/vm_lifecycle/tenants/tenant/admin/deployments" --data '
    <deployment>
        <name>ISR</name>
        <vm_group>
            <name>ISR</name>
            <image>isrv-universalk9.16.03.01</image>
            <bootup_time>600</bootup_time>
            <recovery_wait_time>0</recovery_wait_time>
            <recovery_policy>
                <action_on_recovery>REBOOT_ONLY</action_on_recovery>
            </recovery_policy>
            <flavor>isrv-small</flavor>
            <interfaces>
                <interface>
                    <nicid>0</nicid>
                    <network>int-mgmt-net</network>
                    <port_forwarding>
                        <port>
                            <type>ssh</type>
                            <protocol>tcp</protocol>
                            <vnf_port>22</vnf_port>
                            <external_port_range>
                                <start>20022</start>
                                <end>20022</end>
                            </external_port_range>
                        </port>
                    </port_forwarding>
                </interface>
                <interface>
                    <nicid>1</nicid>
                    <network>lan-net</network>
                    <ip_address>209.165.201.0</ip_address>
                </interface>
                <interface>
                    <nicid>2</nicid>
                    <network>wan-net</network>
                    <ip_address>209.165.201.1</ip_address>
                </interface>
            </interfaces>
            <scaling>
                <min_active>1</min_active>
                <max_active>1</max_active>
            </scaling>
            <kpi_data>
                <kpi>
                    <event_name>VM_ALIVE</event_name>
                    <metric_value>1</metric_value>
                    <metric_cond>GT</metric_cond>
                    <metric_type>UINT32</metric_type>
                    <metric_collector>
                        <type>ICMPPing</type>
                        <nicid>0</nicid>
                        <poll_frequency>3</poll_frequency>
                        <polling_unit>seconds</polling_unit>
                        <continuous_alarm>false</continuous_alarm>
                    </metric_collector>
                </kpi>
            </kpi_data>
            <rules>
                <admin_rules>
                    <rule>
                        <event_name>VM_ALIVE</event_name>
                        <action>ALWAYS log</action>
                        <action>TRUE servicebooted.sh</action>
                        <action>FALSE recover autohealing</action>
                    </rule>
                </admin_rules>
            </rules>
            <config_data>
                <configuration>
                    <dst>bootstrap_config</dst>
                    <variable>
                        <name>TECH_PACKAGE</name>
                        <val>security</val>
                    </variable>
                    <variable>
                        <name>ngio</name>
                        <val>enable</val>
                    </variable>
                </configuration>
            </config_data>
        </vm_group>
    </deployment>'
    
    
    

    Note

    If two VMs are connected to the same physical interface, one over SRIOV and the other over virtio net from a bridge connected to the packet filter, you cannot ping between the two VMs over these interfaces. Use either SRIOV or virtio net on both VMs to connect to the packet filter over a bridge.


  4. Verify the deployment status.

    
    
    curl -k -v -u admin:admin -H Accept:application/vnd.yang.data+xml -H Content-Type:application/vnd.yang.data+xml -X GET \
      "https://<NFVIS_IP>/api/operational/vm_lifecycle/opdata/tenants/tenant/admin/deployments/ISR,-,-?deep"
    
    

    Note

    To enable NIM support on a Cisco ISRv running on Cisco ENCS, you must use the following variable in the ISRv deployment payload.


    
    <variable>
         <name>ngio</name>
         <val>enable</val>
    </variable>
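A pre-flight check for a deployment payload like the one in step 3, run before the POST: it rejects XML that is not well formed, cross-checks the nicid and event_name references, and lists every port forward the deployment would open. This is an added example, not code from the Cisco guide; the cross-reference rules are assumptions drawn from the payload's structure rather than documented NFVIS validation, and the sample is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the ISR payload, with a wrong KPI nicid on purpose.
SAMPLE = """<deployment><name>ISR</name><vm_group><name>ISR</name>
<image>isrv-universalk9.16.03.01</image><flavor>isrv-small</flavor>
<interfaces>
 <interface><nicid>0</nicid><network>int-mgmt-net</network>
  <port_forwarding><port><type>ssh</type><protocol>tcp</protocol><vnf_port>22</vnf_port>
   <external_port_range><start>20022</start><end>20022</end></external_port_range>
  </port></port_forwarding></interface>
 <interface><nicid>1</nicid><network>lan-net</network></interface>
</interfaces>
<kpi_data><kpi><event_name>VM_ALIVE</event_name>
 <metric_collector><type>ICMPPing</type><nicid>3</nicid></metric_collector></kpi></kpi_data>
<rules><admin_rules><rule><event_name>VM_ALIVE</event_name></rule></admin_rules></rules>
</vm_group></deployment>"""


def check_deployment(xml_text):
    """Return (problems, port_forwards) for a deployment payload without sending it."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # catches slips such as "/image>" for "</image>"
        return [f"not well-formed XML: {exc}"], []
    problems, forwards = [], []
    for group in root.iter("vm_group"):
        nics = [i.findtext("nicid") for i in group.iter("interface")]
        if len(nics) != len(set(nics)):
            problems.append("duplicate nicid in <interfaces>")
        kpi_events = {k.findtext("event_name") for k in group.iter("kpi")}
        for kpi in group.iter("kpi"):
            nic = kpi.findtext("metric_collector/nicid")
            if nic not in nics:  # assumed rule: the collector must poll a defined NIC
                problems.append(f"KPI polls nicid {nic}, which is not defined")
        for rule in group.iter("rule"):
            if rule.findtext("event_name") not in kpi_events:  # assumed rule
                problems.append("rule refers to an event with no matching KPI")
        for iface in group.iter("interface"):
            for port in iface.iter("port"):
                start = int(port.findtext("external_port_range/start", "0"))
                end = int(port.findtext("external_port_range/end", "0"))
                if not 1 <= start <= end <= 65535:
                    problems.append(f"bad external port range {start}-{end}")
                forwards.append((iface.findtext("network"), port.findtext("type"),
                                 int(port.findtext("vnf_port", "0")), start, end))
    return problems, forwards
```

Each tuple in the second return value is (network, type, vnf_port, external start, external end), which makes it easy to review which management ports a deployment exposes.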
    

Service Chaining of VMs

Service chaining here refers to a set of network services, in the form of VMs, connected through an intermediate network. Cisco Enterprise NFVIS supports service chaining of two or more VMs, eliminating the need for dedicated hardware devices for different types of network services.

To service chain traffic between two or more VMs, you will have to create the following:

  • Bridge—For example, you can create a new bridge called sc-br.

  • Network—For example, you can create a new network called sc-net.

  • Launch VM1 and VM2 with an interface from each VM to the service chain network (sc-net).

For more details on how to configure service chaining using APIs, see the following topics:

Service Chaining with two VM Images

In this example, a Cisco ISRv VM and a Cisco ASAv VM are service chained. For that, you will have to deploy both VMs.

Figure 2. Service Chaining with two VM Images

Steps for Service Chaining with Two VM Images

  1. Create a new bridge for service chaining.

    
    curl -k -v -u admin:admin -H content-type:application/vnd.yang.data+xml -X POST \
      "https://<NFVIS_IP>/api/config/bridges" \
      --data '<bridge><name>sc-br</name></bridge>'
    
    
  2. Create a new network for service chaining, and attach the bridge to the network.

    
    curl -k -v -u admin:admin -H content-type:application/vnd.yang.data+xml -X POST \
      "https://<NFVIS_IP>/api/config/networks" \
      --data '<network><name>sc-net</name><bridge>sc-br</bridge></network>'
                      
    
    
  3. Verify that all bridges and networks are configured.

  4. Deploy the Cisco ISRv VM, and verify the deployment status.

  5. Deploy the Cisco ASAv VM, and verify the deployment status.

    See Steps for Deploying a VM for API command details for Steps 3 to 5.

Service Chaining of Multiple VMs with Windows or Linux Servers

In this example, multiple VMs will be service chained. Cisco ISRv and Cisco ASAv VMs can be deployed as explained in Service Chaining with two VM Images.

This section covers Linux server deployment. (A Windows 2012 server can also be deployed using the same steps.)

Figure 3. Service Chaining of Multiple VMs with Windows or Linux Servers

Steps for Service Chaining of Multiple VMs with Windows or Linux Servers

  1. Create networks and bridges as required.

    See Steps 1 and 2 in Steps for Service Chaining with Two VM Images for details on creating networks and bridges.

  2. Deploy Cisco ISRv and Cisco ASAv, and verify their deployment status.

  3. Deploy the Linux server VM.

  4. Verify the server deployment status.

    See the Steps for Deploying a VM for API command details for Steps 2 to 4.