About Cisco deployments
The deployment package for the Cisco Enterprise Network Compute System (ENCS) is the same TAR archive used for Linux. ENCS is a line of compute appliances designed for the Cisco SD-Branch and Enterprise Network Functions Virtualization (ENFV) solution. Cisco SD-Branch is a hosting platform designed for the enterprise branch edge. The platform provides a virtual environment that enables the automated deployment of virtual network services consisting of multiple virtualized network functions (VNFs). Using the platform, administrators can leverage the flexibility of software-defined networking (SDN) capabilities to service chain VNFs in a variety of ways. Cisco SD-Branch comprises these components:
• ENCS physical x86 hardware that provides compute resources to back the virtual layers.
• Network Function Virtual Infrastructure Software (NFVIS) platform that facilitates the deployment and operation of VNFs and hardware components.
• An orchestration environment to allow easy automation of the deployment of virtualized network services, consisting of multiple VNFs.
In this context, Riverbed products serve as VNFs running as virtual appliances on NFVIS. In-path deployments and out-of-path deployments using Web Cache Communication Protocol (WCCP) and policy-based routing (PBR) are supported. While appliances can be deployed in different locations in a topology depending on your needs, the procedures here focus on an in-path deployment. After you understand the underlying concepts, you will be able to design and execute different kinds of deployments.
Paravirtualized device drivers and Single Root Input/Output Virtualization (SR-IOV) are supported. However, the Cisco 5000 Series ENCS does not support SR-IOV ports in promiscuous mode. The virtual switches that connect the physical host’s ports to the appliance’s LAN and WAN interfaces must be configured to use promiscuous mode to ensure all traffic reaches the appliance. Therefore, the appliance LAN and WAN interfaces cannot leverage SR-IOV. Additionally, SR-IOV cannot be used for in-box service chaining on Cisco 5000 Series ENCS; only virtio interfaces may be used.
Before deployment, ensure that the:
• ENCS and NFVIS components are running the most current software from Cisco.
• host system has at least four network interfaces.
• LAN and WAN interfaces are on separate networks or bridges.
• Linux system where you plan to prepare the software image has QEMU installed.
• host meets the minimum standards for the appliance model.
Download the package to a system running any supported Linux operating system. You will prepare the software image for the Cisco 5000 Series ENCS on that system.
Preparing images for NFVIS
You can use the Riverbed-provided helper script—together with Cisco helper files—to create an image file that can be immediately uploaded to NFVIS and deployed. This method provides some flexibility in setting the attributes of the virtual machine and automates much of the process. You can also manually prepare the image. This method requires more steps but provides the most flexibility in configuring virtual machine attributes.
After you add an image to the NFVIS image repository and register it, you can use the image on any Cisco NFVIS system.
Preparing images using scripts
The script helps to automate the image preparation and packaging process while allowing you some flexibility in setting virtual machine properties. The script generates a .tar.gz image file to your specifications that you can upload and deploy.
The Riverbed helper script requires two additional files that you obtain from Cisco. You must place these files in the same location as the Riverbed helper script:
• image_properties_template.xml
• nfvpt.py
Unzip and untar the product’s deployment package, and then log in to your account on NFVIS. Choose VM Life Cycle > Image Repository > Browse Datastore > Data > intdatastore > Uploads > vmpackagingutility > nfvisvmpackagingtool.tar.
Download the nfvisvmpackagingtool.tar file to your local system. Unpack the nfvisvmpackagingtool.tar file, and locate these files: image_properties_template.xml and nfvpt.py. Place these two files in the same location where you placed the Riverbed helper script, riverbed_encs_package_gen.py.
Run the Riverbed helper script and follow the prompts. The system creates a .tar.gz file that is suitable for upload to the NFVIS image repository.
In the NFVIS console, choose VM Life Cycle > Image Repository: Image Registration. Upload the .tar.gz file to the repository and then register it.
Preparing images without using scripts
Follow this procedure if you want more flexibility in setting virtual machine attributes. You’ll need to:
• extract the contents of the downloaded deployment package.
• modify the mgmt.qcow2 file, if necessary, using the qemu-img resize mgmt.qcow2 +<amount-of-additional-space> command. The default size is 20 GB. Some appliance models may require a larger management disk.
• create a second qcow2 file for the appliance’s data store disk using the qemu-img create -f qcow2 segstore.<size>G.qcow2 <size>G command.
Order is important when creating, uploading, and connecting virtual disks. Always work with the management disk first and then the data store disk.
After you have prepared these files, you can import them into NFVIS using the Image Packaging section of the NFVIS console. There you can package the uploaded files into an image (.tar.gz file) suitable for use on any Cisco 5000 Series ENCS. After packaging, register the image in the repository.
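The manual disk preparation above as a script, added here as an example and not part of the Riverbed package: it runs the page's two qemu-img commands in the required order (management disk first) and rejects any size that is not a whole number of gigabytes. The function names, the DRY_RUN switch, and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not Riverbed's script). Run it in the directory where the
# deployment package was extracted, so that mgmt.qcow2 is present.

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# True only for a string of decimal digits (keeps stray shell input out).
is_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# prepare_disks <extra-mgmt-GB> <data-store-GB>
#   extra-mgmt-GB: space to add to the 20 GB default, 0 to leave it alone
#   data-store-GB: size of the new data store disk
prepare_disks() {
    extra_gb=$1
    store_gb=$2
    is_number "$extra_gb" || { echo "bad management growth: $extra_gb" >&2; return 2; }
    is_number "$store_gb" && [ "$store_gb" -gt 0 ] ||
        { echo "bad data store size: $store_gb" >&2; return 2; }

    # Management disk first ...
    if [ "$extra_gb" -gt 0 ]; then
        run qemu-img resize mgmt.qcow2 "+${extra_gb}G" || return 1
    fi
    # ... then the data store disk, named as on the page.
    run qemu-img create -f qcow2 "segstore.${store_gb}G.qcow2" "${store_gb}G" || return 1
}

# Stand-alone use (hypothetical script name):
#   ./prepare_disks.sh <extra-mgmt-GB> <data-store-GB>
if [ "$#" -eq 2 ]; then
    prepare_disks "$1" "$2"
fi
```

Set DRY_RUN=1 to review the exact commands before anything touches the disk files.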
Uploading images to the NFVIS image repository
To upload images to the NFVIS image repository, log in to your account on NFVIS. Choose VM Life Cycle > Image Repository, and select the Image Packaging tab. Click the icon next to VM Packages, and then enter values for these fields:
Package Name is the name for this instance of the SteelHead-v package.
VM Version is the version for this instance of the SteelHead-v package.
VM Type specifies Other from the drop-down menu. You must select Other.
Dedicated Cores (Optimize) specifies Yes from the drop-down menu.
Serial Console specifies Enable from the drop-down menu.
Sriov Driver(s) enables you to select all available options if you plan to use SR-IOV on the primary and auxiliary interfaces.
Raw Disk File Bus specifies Virtio from the drop-down menu.
Thick Disk Provisioning specifies Yes if you are deploying to a production environment.
Accept the default values for items in the bootstrap section.
Select Raw Images (.qcow2/.img) and upload both of the qcow2 files you created in "Preparing images without using scripts" in this order: the mgmt.qcow2 file and then the data store qcow2 file.
The order is important; you must upload the files in this order.
Optionally, you can create preconfigured deployment profiles using the Advanced Configuration settings.
After the qcow2 files are uploaded, submit them. The uploaded files are packaged into a tar.gz file, and then the tar.gz file is added to the list of packages at the bottom of the Image Packaging tab.
Register the new package. Registered images can be used on any NFVIS system.
Deploying on the Cisco 5100 Series ENCS
Before you deploy the appliance, ensure that the virtual environment has:
• a representation of the physical host ports GEO-0 through GEO-3.
• two SR-IOV interfaces on each GEO port that are available for virtual machines.
• a WAN virtual switch (default name is wan-net) connected to the GEO-0 port.
• a LAN virtual switch (default name is lan-net) connected to the GEO-2 and GEO-3 ports.
• a virtual switch (default name is service-net) connected to a virtual router.
• a virtual router connected to the service-net virtual switch and the wan-net virtual switch.
Some elements are created for you by the system using default values, but you will need to manually create the router and service-net virtual switch.
After your virtual environment is in place, you can create the appliance, assign interfaces, and then deploy the environment including the appliance.
Order is important when creating and connecting virtual interfaces. Virtual interfaces must be created and connected in this order: primary, auxiliary, LAN, and WAN.
Order | SteelHead-v interface | Assign to | Type |
1 | primary | LAN-side vswitch | virtio |
2 | auxiliary | GEO-1 | virtio |
3 | LAN_0 | GEO-3 | virtio |
4 | WAN_0 | WAN-side router | virtio |
Remove the connection between the GEO-3 port and the lan-net virtual switch. To do so, choose VM Life Cycle > Networking. In the Networks & Bridges section, find the row for the lan-net virtual switch, and click the edit icon (blue pencil). In the lan-net virtual switch details page, find the Interfaces field and remove GEO-3, and then click Submit.
Choose VM Life Cycle > Deploy. Drag and drop an Other icon from the palette at the top of the VM Deployment page to an open space in the canvas below. Ensure the Other icon on the canvas is selected, and then under VM Details specify these items:
VM Name specifies the name for the SteelHead-v.
Image specifies the .tar.gz image.
Profile selects the profile.
Deployment Disk specifies Internal. For the Cisco 5100 Series ENCS, this item must be set to Internal.
One at a time, drag and drop NETWORK icons onto the canvas, connecting one end of each to the appliance and the other end to the lan-net virtual switch.
• For the first NETWORK icon, ensure vNIC ID under vNIC Details is set to 0.
• For the second NETWORK icon, connect the other end to the GEO-1 port. Ensure that the vNIC ID is set to 1.
• For the third NETWORK icon, connect the other end to the GEO-3 port. Ensure that the vNIC ID is set to 2. This will be the LAN_0 interface.
• For the fourth NETWORK icon, connect the other end to the service-net virtual switch. Ensure the vNIC ID is set to 3. This will be the WAN_0 interface.
Deploy the setup. Deployment is complete when the status of the virtual machine changes from Deploying to Active.
Start the appliance. Startup is complete when the console displays a login prompt.