Cisco SD-WAN Cloud onRamp for Colocation Solution
Find all the information you need about this release—new features, known behavior, resolved and open bugs, and related information.
About Cisco SD-WAN Cloud onRamp for Colocation Solution
Cisco SD-WAN Cloud onRamp for Colocation solution is a flexible architecture that securely connects to enterprise applications that are hosted in the enterprise data center, public cloud, private or hybrid cloud to an enterprise’s endpoints such as, employees, devices, customers, or partners. This functionality is achieved by using Cisco Cloud Services Platform 5000 series (CSP- 5444, CSP-5456) as the base Network Function Virtualization (NFV) platform that securely connects enterprise's endpoints to applications. By deploying Cisco SD-WAN Cloud onRamp for Colocation solution in colocation centers, customers can virtualize network services and other applications, and consolidate them into a single platform.
The components of Cisco SD-WAN Cloud onRamp for Colocation solution are:
-
CSP-5444, CSP-5456—Cisco CSP is an x86 Linux hardware platform that runs NFVIS software. It is used as the compute platform for hosting the virtual network functions in the Cisco SD-WAN Cloud onRamp for Colocation solution. The whole solution can scale horizontally. You can have up to eight Cisco CSP devices. Depending on the load requirement, you can have anywhere from two to eight compute platforms in a cluster.
-
Cisco Network Function Virtualization Infrastructure Software (NFVIS)—The Cisco NFVIS software is used as the base virtualization infrastructure software running on the x86 compute platform.
-
Virtual Network Functions (VNFs)—The Cisco SD-WAN Cloud onRamp for Colocation solution supports both Cisco-developed and third-party virtual network functions.
-
Physical Network Functions—A Physical Network Function (PNF) is a physical device that is dedicated to provide a specific network function as part of a colocation service chain such as router, firewall.
-
Network Fabric—Forwards traffic between the VNFs in a service chain by using a L2 and VLAN-based lookup.
-
Mangement Network—A separate management network connects the NFVIS software running on the Cisco CSP systems, the virtual network functions, and the switches in the fabric. This management network is also used for transferring files and images into and out of the systems. The Out of Band (OOB) management switch configures the management network.
-
VNF Network Connectivity—A VNF can be connected to the physical network by using either Single Root IO Virtualization (SR-IOV) or through a software virtual switch. A VNF can have one or more virtual network interfaces (vNICs), which can be directly or indirectly connected to the physical network interfaces. A physical network interface can be connected to a software virtual switch and one or more VNFs can share the virtual switch. The Cisco SD-WAN Cloud onRamp for Colocation solution manages the creation of virtual switch instances and the virtual NIC membership to create connectivity.
-
Physical Network Function Network Connectivity—A PNF can be connected to the Cisco Catalyst 9500-40X or Cisco Catalyst 9500-48Y4C switch port, which is kept free towards backend.
-
Service Chains—In Cisco SD-WAN Cloud onRamp for Colocation solution deployment, the traffic between the VNFs (with SR-IOV) running on the Cisco CSP systems is connected by service chaining externally through Catalyst 9500 switches.
-
Cisco Colo Manager (CCM)—This component is a software stack that manages a colocation. In this solution, CCM is hosted on NFVIS software in a docker container. A single CCM instance per cluster is brought up in one of the Cisco CSPs after activating a cluster.
-
Orchestration using Cisco vManage— Cisco vManage is used for orchestrating the Cisco SD-WAN Cloud onRamp for Colocation solution.
Essentially, you can purchase the CSP and Catalyst 9500 devices, add them in colocation centers, power them, and cable them. These devices automatically boot up and are managed by Cisco vManage. Next, design service chains, build security policies and application policies to impact the network traffic.
Software Requirements Matrix
Software Matrix
The following are the supported versions for Cisco Enterprise NFV Infrastructure Software, Cisco vManage, Cisco vBond Orchestrator, Cisco vSmart Controller, and Cisco Catalyst 9500 switches.
|
Software |
Version |
|---|---|
| Cisco vManage | Cisco vManage Release 20.5.1 |
| Cisco vBond Orchestrator | Cisco SD-WAN Release 20.5.1 |
| Cisco vSmart Controller | Cisco SD-WAN Release 20.5.1 |
|
Cisco Enterprise NFV Infrastructure Software (NFVIS) |
Release 4.5.1 |
| Cisco Catalyst 9500-40X and Cisco Catalyst 9500-48Y4C | Release 17.3.1, 17.3.3 |
All release-specific information for Cisco vSmart Controllers, Cisco vBond Orchestrators, Cisco vManage is included in Cisco SD-WAN Release Notes.
The supported VNFs and Cisco PNFs in this solution are:
 Note |
You must procure license for the required VNFs. Alternatively, you can choose to bring your own Day-0 configuration and repackage the VNFs, if required. |
|
VNF |
Version |
|---|---|
| Cisco CSR1000V |
17.1.1, 17.2, 17.3.1a |
|
Cisco Catalyst 8000V |
17.4.1a |
|
Cisco IOS XE SD-WAN Device |
16.12.2r, 17.2.1r, 17.3.1a |
|
Cisco ASAv |
9.12.2, 9.13.1, 9.15.1 |
|
Cisco FTDv/NGFW |
6.4.0.1, 6.5.0-115, 6.6.3 |
|
Cisco vEdge Cloud Router |
19.2.1, 20.1.1, 20.3.1, 20.4.1 |
|
VNF |
Version |
|---|---|
|
Palo Alto Firewall (PAFW) |
9.0.0 |
|
Fortinet Firewall |
6.0.2 |
|
CheckPoint |
R80.30, R80.40 |
|
PNF |
Version |
|---|---|
|
Cisco FTD Model: FPR-9300 |
6.4.0.1, 6.5 |
|
Cisco ASR 1000 Series |
17.1, 17.2, 17.3 |
New Features
-
Colocation Multitenancy Using Role-Based Access Control: This feature enables a service provider to manage multiple tenant colocation clusters by using multiple colocation groups. In a multitenant setup, service providers don't need to deploy a unique colocation cluster for each tenant. Instead, the hardware resources of a colocation cluster are shared across multiple tenants. With multitenancy, service providers ensure that tenants view only their data by restricting access based on roles of individual tenant users.
-
RMA Support for Cisco CSP Devices: This feature allows you to replace a corrupt CSP device by creating backup copies of the device, and then restoring the replacement device to a state it was in before the replacement. The VMs running in HA mode operate uninterrupted with continuous flow of traffic during device replacement.
-
Clone Service Groups in Cisco vManage: This feature allows you to create copies of service groups for different RBAC users, without having to enter the same configuration information multiple times. By cloning a service group, you can easily create service chains by leveraging the stored service chain templates.
-
HA VNF NIC Placement for Switch Redundancy: This feature provides an optimum placement of service chains and therefore maximizes the resource utilization while accounting for switch redundancy. The VNICs of the HA primary and secondary instances are placed on alternate switch interfaces to achieve redundancy at switch level.
Important Note
Deactivate cluster workflow is not supported: The workflow to deactivate a cluster and then subsequently activate the cluster is not supported through vManage. Therefore, it is recommended to delete and recreate the cluster, instead.
Resolved and Open Bugs
About the Cisco Bug Search Tool
Use the Cisco Bug Search Tool to access open and resolved bugs for a release.
The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.
You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.
Bugs for Cisco SD-WAN Cloud OnRamp for Colocation Solution Release 20.5.1
This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Resolved Bugs for Cisco vManage
All resolved vManage bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
|
Bud ID |
Description |
|---|---|
|
Attaching a shared service chain with only one VNF in the chain causes failure. |
|
| CSCvw31595 | SG attach fails with Placement Failed Error - VM BW not met even though there are no SC's attached. |
|
SG attach fails with error Failed to update configuration-Exception in interface xml {} null. |
|
| CSCvu81265 |
Allocated + Available is not equal to Total CPU/Memory in vManage UI. |
|
Attaching Shared VNF as a single instance fails - java.lang.IndexOutOfBoundsException: Index: 1. |
|
|
In multi-cluster case, when one cluster CCM task is in progress, VNF install fails on other cluster. |
|
|
VNF stats shows empty for 1 hr data in network util/CPU util/Memory util/disk util. |
|
|
ServiceChain Health Monitoring stats is empty for the last 1 hr data - "No data to Display". |
Resolved Bugs for Device
All resolved device bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
|
Bud ID |
Description |
|---|---|
|
Attaching or detaching of service groups fails due to configuration database being locked by session. |
|
|
The attaching or detaching service chain causes failure some times and vManage shows the error–Outstanding changes in database on CSP. |
|
|
pkt capture on VM OVS VNIC is not working for VMs that are deployed in Cisco NFVIS 4.1.1, 4.2.1, and master. |
Open Bugs for Cisco vManage
All open Cisco vManage bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Bug ID |
Description |
|---|---|
|
vManage template attach to CSP results in application error in CSP RMA use case if CSP is hosting CCM. |
|
|
When trying to detach a service chain from cluster, if all steps are not completed by clicking complete and instead you go back to the browser, the detach option changes to attach option. |
|
|
Editing and updating the description field of service group does not get saved. |
|
|
Modifying a High Availability (HA) enabled service group to Non-HA service group returns an error and deletes all service chains in that Service Group. |
|
|
PAFW Day-0 configuration should have unique UUID and if it is changed to a variable, vManage cannot generate value for that UUID causing template attach of service chain to fail. |
|
|
A service group containing shared service chain with first and last NF shared, if the middle VNFs have a combination of firewalls in transparent and routed mode, it causes template attach failure. |
|
|
A non-shared service chain cannot connect to multiple providers terminating different VLANs. |
|
|
Service chain does not get attached if service chain QoS bandwidth is greater than 5GBPS. |
|
|
Deleting and adding a service chain with same name for the same transaction retruns an error. |
|
|
In the monitoring screen, Real-Time pnic_stats on vManage UI doesnt show Tx packets. |
|
| Need to add deactivate option for cluster when it is stuck in init state. | |
|
User doesn't click configure option with detach/attach causing device to be out of sync with vManage. |
|
| Service group attach fails with error - "Error - Cannot create. Image already exists". | |
|
In multi-cluster case, when one cluster CCM task is in-progress, VNF install fails on other cluster. |
|
|
Adding a new servicew chain to an attached service group when no resources are available saves service chain although service chain isn't provisioned. |
|
|
When NTP is incorrectly entered as 72.163.32, it causes traffic blackhole as VLAN configuration is rejected by switch. |
|
|
vManage should not allow user to configure Backup Server Settings when cluster is inactive. |
|
|
After Upgrade, the Allocated+Available is not equal to Total Memory/Disk in Cisco vManage UI for a single-tenant cluster. |
|
|
Traffic fails when Cisco Catalyst 8000V is a single VNF chain and shared with another chain with firewall as the first VNF. |
|
|
If service group is detached before VNF install completes, configuration database is locked. |
|
|
Add/Delete CSP with system ip conflict error followed by sync results in vManage time out. |
|
|
vManage should mark multitenant cluster from Activate state to failure when template push fails. |
|
|
Placement fails even if resources available with combination of SA and HA VNF's in the chain. |
|
|
VNF State shows green on vManage while VNF Install is still in progress and VNF is yet to be deployed. |
|
|
After vManage upgrade, bandwidth values for SRIOV PNICs are considered 10240 instead of 10000. |
|
|
UI needs to validate RBAC username, not to have space in colocation cluster credentials page. |
|
|
In vManage Monitor, the oubound VNIC of th first shared VNF shows other VLANs as well along with data VLANs. |
|
|
After upgrading CSPs, data collection is stuck at queued state for CSPs in Rediscover Network. |
|
|
In vManage Monitor > Network Functions, the last shared VNF that is deployed is not updated as shared VNF. |
|
|
VNF Actions, START/STOP/ RESTART from the tenant page results in ERROR. |
|
|
Service chain cloning: give specific error message when CSV file upload fails. |
Open Bugs for Device
All open device bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Bug ID |
Description |
|---|---|
|
VM monitoring state toggles between ‘Deploying’ and ‘Alive’ temporarily. |
|
|
Cluster activation failure due to management interface administratively down on Catalyst 9500-40X switch. |
|
|
The service chain health monitoring fails on ~8 IPSEC terminated tunnels - eth105'. Failed to check data path health. |
|
|
Cisco ASAv fails to boot up intermittently and is stuck. |
|
| Template push failed - the configuration database is locked - sendLwmonMaapiDeletePayload. | |
|
NTP Clock doesn't sync causing certification install to fail on CSP. |
|
|
Traffic fails when the VNF is in single VNF chain and also shared in the last position is provisioned. |
|
|
Traffic fails when service group attach in template push to CCM fails - "Exception in Interface xml {} null". |
|
|
Reattach service chain before detach complete results in template push fail- "Flavor already exists ". |
|
|
VNF is Alive but the VNF image is not validated due to length > 128, VNF Install detach/attach. |
|
|
One VM is in error state after hostaction reboot. |
|
|
CSP device upgrade showed Success on vManage UI even though device rolled back. |
|
|
After hostaction reboot , the VMs are stuck in rebooting state and multiple subsystems stopped on UCSC. |
Related Documentation
-
Release Notes for Cisco Enterprise Network Function Virtualization Infrastructure Software
-
Solution User Guides for Cisco SD-WAN Cloud OnRamp for Colocation
-
Configuration Guides for Cisco Enterprise Network Function Virtualization Infrastructure Software
-
Configuration Guides for Cisco Network Plug and Play Application
Feedback