Cisco SD-WAN Cloud onRamp for CoLocation Solution

Find all the information you need about this release—new features, known behavior, resolved and open bugs, and related information.

About Cisco SD-WAN Cloud onRamp for CoLocation Solution

Cisco SD-WAN Cloud onRamp for CoLocation solution is a flexible architecture that securely connects to enterprise applications that are hosted in the enterprise data center, public cloud, private or hybrid cloud to an enterprise’s endpoints such as, employees, devices, customers, or partners. This functionality is achieved by using Cisco Cloud Services Platform 5000 series (CSP- 5444, CSP-5456) as the base Network Function Virtualization (NFV) platform that securely connects enterprise's endpoints to applications. By deploying Cisco SD-WAN Cloud onRamp for CoLocation solution in colocation centers, customers can virtualize network services and other applications, and consolidate them into a single platform.

The components of Cisco SD-WAN Cloud onRamp for CoLocation solution are:

  • CSP-5444, CSP-5456—Cisco CSP is an x86 Linux hardware platform that runs NFVIS software. It is used as the compute platform for hosting the virtual network functions in the Cisco SD-WAN Cloud onRamp for CoLocation solution. The whole solution can scale horizontally. You can have up to eight Cisco CSP devices. Depending on the load requirement, you can have anywhere from two to eight compute platforms in a cluster.

  • Cisco Network Function Virtualization Infrastructure Software (NFVIS)—The Cisco NFVIS software is used as the base virtualization infrastructure software running on the x86 compute platform.

  • Virtual Network Functions (VNFs)—The Cisco SD-WAN Cloud onRamp for CoLocation solution supports both Cisco-developed and third-party virtual network functions.

  • Physical Network Functions—A Physical Network Function (PNF) is a physical device that is dedicated to provide a specific network function as part of a colocation service chain such as router, firewall.

  • Network Fabric—Forwards traffic between the VNFs in a service chain by using a L2 and VLAN-based lookup.

  • Mangement Network—A separate management network connects the NFVIS software running on the Cisco CSP systems, the virtual network functions, and the switches in the fabric. This management network is also used for transferring files and images into and out of the systems. The Out of Band (OOB) management switch configures the management network.

  • VNF Network Connectivity—A VNF can be connected to the physical network by using either Single Root IO Virtualization (SR-IOV) or through a software virtual switch. A VNF can have one or more virtual network interfaces (vNICs), which can be directly or indirectly connected to the physical network interfaces. A physical network interface can be connected to a software virtual switch and one or more VNFs can share the virtual switch. The Cisco SD-WAN Cloud onRamp for CoLocation solution manages the creation of virtual switch instances and the virtual NIC membership to create connectivity.

  • Physical Network Function Network Connectivity—A PNF can be connected to the Cisco Catalyst 9500-40X or Cisco Catalyst 9500-48Y4C switch port, which is kept free towards backend.

  • Service Chains—In Cisco SD-WAN Cloud onRamp for CoLocation solution deployment, the traffic between the VNFs (with SR-IOV) running on the Cisco CSP systems is connected by service chaining externally through Catalyst 9500 switches.

  • Cisco Colo Manager (CCM)—This component is a software stack that manages a colocation. In this solution, CCM is hosted on NFVIS software in a docker container. A single CCM instance per cluster is brought up in one of the Cisco CSPs after activating a cluster.

  • Orchestration through vManage— vManage is used for orchestrating the Cisco SD-WAN Cloud onRamp for CoLocation solution.

Essentially, you can purchase the devices, add them in colocation centers, power them, cable them and devices automatically boot up, bootstrap themselves and get managed by vManage. Then, go ahead with designing service chains, building security policies and application policies, that will influence the network traffic.

Software Requirements Matrix

Software Matrix

The following are the supported versions for Cisco Enterprise NFV Infrastructure Software, Cisco vManage, Cisco vBond Orchestrator, Cisco vSmart Controller, and Cisco Catalyst 9500 switches.

Software

Version

Cisco vManage Cisco vManage Release 20.4.1
Cisco vBond Orchestrator Cisco SD-WAN Release 20.4.1
Cisco vSmart Controller Cisco SD-WAN Release 20.4.1

Cisco Enterprise NFV Infrastructure Software (NFVIS)

Release 4.4.1

Cisco Catalyst 9500-40X and Cisco Catalyst 9500-48Y4C Release 17.3.1

All release-specific information for Cisco vSmart Controllers, Cisco vBond Orchestrators, Cisco vManage is included in Cisco SD-WAN Release Notes.

The supported VNFs and Cisco PNFs in this solution are:


Note

You must procure license for the required VNFs. Alternatively, you can choose to bring your own Day-0 configuration and repackage the VNFs, if required.


Table 1. Validated Cisco VNFs

VNF

Version

Cisco CSR1000V

17.1.1, 17.2, 17.3

Cisco Catalyst 8000V

17.4.1a

Cisco IOS XE SD-WAN Device

16.12.2r, 17.2.1r, 17.3.1a

Cisco ASAv

9.12.2, 9.13.1, 9.15.1

Cisco FTDv/NGFW

6.4.0.1, 6.5.0-115

Cisco vEdge Cloud Router

19.2.1, 20.1.1, 20.3.1

Table 2. Validated Third-party VNFs

VNF

Version

Palo Alto Firewall (PAFW)

9.0.0

Fortinet Firewall

6.0.2

CheckPoint

R80.30, R80.40

Table 3. Validated Cisco PNFs

PNF

Version

Cisco FTD

Model: FPR-9300

6.4.0.1, 6.5

Cisco ASR 1000 Series

17.1, 17.2, 17.3

New Features

Important Note

Deactivate cluster workflow is not supported: The workflow to deactivate a cluster and then subsequently activate the cluster is not supported through vManage. Therefore, it is recommended to delete and recreate the cluster, instead.

Resolved and Open Bugs

About the Cisco Bug Search Tool

Use the Cisco Bug Search Tool to access open and resolved bugs for a release.

The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.

You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.

Bugs for Cisco SD-WAN Cloud OnRamp for Colocation Solution Release 20.4.1

This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Resolved Bugs for Cisco vManage

All resolved vManage bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Bud ID

Description

CSCvt92077

Ping Failure on ASAv - 9.13 after CAT9k reboot.

CSCvu60738

vManage changes cluster state to active even though infraresources api fails.

Resolved Bugs for Device

All resolved device bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Bud ID

Description

CSCvv00456

Device should send a notification message if the container creation fails.

Open Bugs for Cisco vManage

All open Cisco vManage bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.

Bug ID

Description

CSCvt13638

vManage template attach to CSP results in application error in CSP RMA use case if CSP is hosting CCM.

CSCvn25349

When trying to detach a service chain from cluster, if all steps are not completed by clicking complete and instead you go back to the browser, the detach option changes to attach option.

CSCvq30141

Editing and updating the description field of service group does not get saved.

CSCvq56847

Modifying a High Availability (HA) enabled service group to Non-HA service group returns an error and deletes all service chains in that Service Group.

CSCvp07407

PAFW Day-0 configuration should have unique UUID and if it is changed to a variable, vManage cannot generate value for that UUID causing template attach of service chain to fail.

CSCvq58527

A service group containing shared service chain with first and last NF shared, if the middle VNFs have a combination of firewalls in transparent and routed mode, it causes template attach failure.

CSCvr59253

A non-shared service chain cannot connect to multiple providers terminating different VLANs.

CSCvr59276

Attaching a shared service chain with only one VNF in the chain causes failure.

CSCvt11875

Service chain does not get attached if service chain QoS bandwidth is greater than 5GBPS.

CSCvv16912

Deleting and adding a service chain with same name for the same transaction retruns an error.

CSCvw31595 SG attach fails with Placement Failed Error - VM BW not met even though there are no SC's attached.

CSCvw70538

SG attach fails with error Failed to update configuration-Exception in interface xml {} null.

CSCvw65312

Real-Time pnic_stats on vManage UI doesnt show Tx packets.

CSCvs66726

Need to add deactivate option for cluster when it is stuck in init state.
CSCvu81265

Allocated + Available is not equal to Total CPU/Memory in vManage UI.

CSCvv89990

User doesn't click configure option with detach/attach causing device to be out of sync with vManage.

CSCvw55666

Service group attach fails with error - "Error - Cannot create. Image already exists".

CSCvr59276

Attaching Shared VNF as a single instance fails - java.lang.IndexOutOfBoundsException: Index: 1.

CSCvw51248

In multi-cluster case, when one cluster CCM task is in progress, VNF install fails on other cluster.

CSCvw86260

VNF stats shows empty for 1 hr data in network util/CPU util/Memory util/disk util.

CSCvw86269

ServiceChain Health Monitoring stats is empty for the last 1 hr data - "No data to Display".

Open Bugs for Device

All open device bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.

Bug ID

Description

CSCvo66687

Attaching or detaching of service groups fails due to configuration database being locked by session.

CSCvo83560

The attaching or detaching service chain causes failure some times and vManage shows the error–Outstanding changes in database on CSP.

CSCvt14589

The CSP device might show on CSP console: "segfault at 0 ip 00007fe3dd640901 error 4 in libc-2.17.so".

CSCvr81085

Service chain bandwidth policing (QoS) does not work if same VLANs are terminated on different service chains. Also, it does not work for shared service chains.

CSCvt55532

VLANs did not get saved to the Catalyst 9500-40X switch on service chain attach–RPC error seen on CCM.

CSCvt99475

VM monitoring state toggles between ‘Deploying’ and ‘Alive’ temporarily.

CSCvt99640

Cluster activation failure due to management interface administratively down on Catalyst 9500-40X switch

.

CSCvu69272

The service chain health monitoring state is reported as Unhealthy for all the service chains inspite of having successful end-end traffic through all the of the chains.

CSCvu92703

pkt capture on VM OVS VNIC is not working for VMs that are deployed in Cisco NFVIS 4.1.1, 4.2.1, and master.

CSCvu69796

Cisco ASAv fails to boot up intermittently and is stuck.

CSCvw77493

Template push failed - the configuration database is locked - sendLwmonMaapiDeletePayload.

CSCvu92602

Network utilization stats shows 0 for CSP Data Pnics on vManage UI.

CSCvw86346

NTP Clock doesn't sync causing certification install to fail on CSP.

Related Documentation