Cisco SD-WAN Cloud onRamp for Colocation Solution

Find all the information you need about this release—new features, known behavior, resolved and open bugs, and related information.

About Cisco SD-WAN Cloud onRamp for Colocation Solution

Cisco SD-WAN Cloud onRamp for Colocation solution is a flexible architecture that securely connects enterprise applications hosted in the enterprise data center, public cloud, or private or hybrid cloud to an enterprise's endpoints, such as employees, devices, customers, or partners. This functionality is achieved by using Cisco Cloud Services Platform 5000 series (CSP-5444, CSP-5456) as the base Network Function Virtualization (NFV) platform that securely connects the enterprise's endpoints to applications. By deploying Cisco SD-WAN Cloud onRamp for Colocation solution in colocation centers, customers can virtualize network services and other applications, and consolidate them into a single platform.

The components of Cisco SD-WAN Cloud onRamp for Colocation solution are:

  • CSP-5444, CSP-5456—Cisco CSP is an x86 Linux hardware platform that runs NFVIS software. It is used as the compute platform for hosting the virtual network functions in the Cisco SD-WAN Cloud onRamp for Colocation solution. The whole solution can scale horizontally. You can have up to eight Cisco CSP devices. Depending on the load requirement, you can have anywhere from two to eight compute platforms in a cluster.

  • Cisco Network Function Virtualization Infrastructure Software (NFVIS)—The Cisco NFVIS software is used as the base virtualization infrastructure software running on the x86 compute platform.

  • Virtual Network Functions (VNFs)—The Cisco SD-WAN Cloud onRamp for Colocation solution supports both Cisco-developed and third-party virtual network functions.

  • Physical Network Functions—A Physical Network Function (PNF) is a physical device that is dedicated to providing a specific network function as part of a colocation service chain, such as a router or firewall.

  • Network Fabric—Forwards traffic between the VNFs in a service chain by using an L2 and VLAN-based lookup.

  • Management Network—A separate management network connects the NFVIS software running on the Cisco CSP systems, the virtual network functions, and the switches in the fabric. This management network is also used for transferring files and images into and out of the systems. The Out of Band (OOB) management switch configures the management network.

  • VNF Network Connectivity—A VNF can be connected to the physical network by using either Single Root IO Virtualization (SR-IOV) or through a software virtual switch. A VNF can have one or more virtual network interfaces (vNICs), which can be directly or indirectly connected to the physical network interfaces. A physical network interface can be connected to a software virtual switch and one or more VNFs can share the virtual switch. The Cisco SD-WAN Cloud onRamp for Colocation solution manages the creation of virtual switch instances and the virtual NIC membership to create connectivity.

  • Physical Network Function Network Connectivity—A PNF can be connected to the Cisco Catalyst 9500-40X or Cisco Catalyst 9500-48Y4C switch port, which is kept free towards backend.

  • Service Chains—In Cisco SD-WAN Cloud onRamp for Colocation solution deployment, the traffic between the VNFs (with SR-IOV) running on the Cisco CSP systems is connected by service chaining externally through Catalyst 9500 switches.

  • Cisco Colo Manager (CCM)—This component is a software stack that manages a colocation. In this solution, CCM is hosted on NFVIS software in a Docker container. A single CCM instance per cluster is brought up in one of the Cisco CSPs after activating a cluster.

  • Orchestration using Cisco vManage—Cisco vManage is used for orchestrating the Cisco SD-WAN Cloud onRamp for Colocation solution.

Essentially, you can purchase the CSP and Catalyst 9500 devices, add them in colocation centers, power them, and cable them. These devices automatically boot up and are managed by Cisco vManage. Next, design service chains, build security policies and application policies to impact the network traffic.

Software Requirements Matrix

Software Matrix

The following are the supported versions for Cisco Enterprise NFV Infrastructure Software, Cisco vManage, Cisco vBond Orchestrator, Cisco vSmart Controller, and Cisco Catalyst 9500 switches.

| Software | Version |
|---|---|
| Cisco vManage | Cisco vManage Release 20.5.1 |
| Cisco vBond Orchestrator | Cisco SD-WAN Release 20.5.1 |
| Cisco vSmart Controller | Cisco SD-WAN Release 20.5.1 |
| Cisco Enterprise NFV Infrastructure Software (NFVIS) | Release 4.5.1 |
| Cisco Catalyst 9500-40X and Cisco Catalyst 9500-48Y4C | Release 17.3.1, 17.3.3 |

All release-specific information for Cisco vSmart Controllers, Cisco vBond Orchestrators, and Cisco vManage is included in Cisco SD-WAN Release Notes.

The supported VNFs and Cisco PNFs in this solution are:


Note

You must procure licenses for the required VNFs. Alternatively, you can choose to bring your own Day-0 configuration and repackage the VNFs, if required.


Table 1. Validated Cisco VNFs

| VNF | Version |
|---|---|
| Cisco CSR1000V | 17.1.1, 17.2, 17.3.1a |
| Cisco Catalyst 8000V | 17.4.1a |
| Cisco IOS XE SD-WAN Device | 16.12.2r, 17.2.1r, 17.3.1a |
| Cisco ASAv | 9.12.2, 9.13.1, 9.15.1 |
| Cisco FTDv/NGFW | 6.4.0.1, 6.5.0-115, 6.6.3 |
| Cisco vEdge Cloud Router | 19.2.1, 20.1.1, 20.3.1, 20.4.1 |

Table 2. Validated Third-party VNFs

| VNF | Version |
|---|---|
| Palo Alto Firewall (PAFW) | 9.0.0 |
| Fortinet Firewall | 6.0.2 |
| CheckPoint | R80.30, R80.40 |

Table 3. Validated Cisco PNFs

| PNF | Version |
|---|---|
| Cisco FTD (Model: FPR-9300) | 6.4.0.1, 6.5 |
| Cisco ASR 1000 Series | 17.1, 17.2, 17.3 |

New Features

  • Colocation Multitenancy Using Role-Based Access Control: This feature enables a service provider to manage multiple tenant colocation clusters by using multiple colocation groups. In a multitenant setup, service providers don't need to deploy a unique colocation cluster for each tenant. Instead, the hardware resources of a colocation cluster are shared across multiple tenants. With multitenancy, service providers ensure that tenants view only their data by restricting access based on roles of individual tenant users.

  • RMA Support for Cisco CSP Devices: This feature allows you to replace a corrupt CSP device by creating backup copies of the device, and then restoring the replacement device to a state it was in before the replacement. The VMs running in HA mode operate uninterrupted with continuous flow of traffic during device replacement.

  • Clone Service Groups in Cisco vManage: This feature allows you to create copies of service groups for different RBAC users, without having to enter the same configuration information multiple times. By cloning a service group, you can easily create service chains by leveraging the stored service chain templates.

  • HA VNF NIC Placement for Switch Redundancy: This feature provides an optimum placement of service chains and therefore maximizes the resource utilization while accounting for switch redundancy. The VNICs of the HA primary and secondary instances are placed on alternate switch interfaces to achieve redundancy at switch level.

Important Note

Deactivate cluster workflow is not supported: The workflow to deactivate a cluster and then subsequently activate the cluster is not supported through vManage. Therefore, it is recommended to delete and recreate the cluster, instead.

Resolved and Open Bugs

About the Cisco Bug Search Tool

Use the Cisco Bug Search Tool to access open and resolved bugs for a release.

The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.

You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.

Bugs for Cisco SD-WAN Cloud onRamp for Colocation Solution Release 20.5.1

This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Resolved Bugs for Cisco vManage

All resolved vManage bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.

| Bug ID | Description |
|---|---|
| CSCvr59276 | Attaching a shared service chain with only one VNF in the chain causes failure. |
| CSCvw31595 | SG attach fails with Placement Failed Error - VM BW not met even though there are no SC's attached. |
| CSCvw70538 | SG attach fails with error Failed to update configuration-Exception in interface xml {} null. |
| CSCvu81265 | Allocated + Available is not equal to Total CPU/Memory in vManage UI. |
| CSCvr59276 | Attaching Shared VNF as a single instance fails - java.lang.IndexOutOfBoundsException: Index: 1. |
| CSCvw51248 | In multi-cluster case, when one cluster CCM task is in progress, VNF install fails on other cluster. |
| CSCvw86260 | VNF stats shows empty for 1 hr data in network util/CPU util/Memory util/disk util. |
| CSCvw86269 | ServiceChain Health Monitoring stats is empty for the last 1 hr data - "No data to Display". |

Resolved Bugs for Device

All resolved device bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.

| Bug ID | Description |
|---|---|
| CSCvo66687 | Attaching or detaching of service groups fails due to configuration database being locked by session. |
| CSCvo83560 | Attaching or detaching a service chain sometimes fails, and vManage shows the error: Outstanding changes in database on CSP. |
| CSCvu92703 | pkt capture on VM OVS VNIC is not working for VMs that are deployed in Cisco NFVIS 4.1.1, 4.2.1, and master. |

Open Bugs for Cisco vManage

All open Cisco vManage bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.

| Bug ID | Description |
|---|---|
| CSCvt13638 | vManage template attach to CSP results in application error in CSP RMA use case if CSP is hosting CCM. |
| CSCvn25349 | When trying to detach a service chain from cluster, if all steps are not completed by clicking complete and instead you go back to the browser, the detach option changes to attach option. |
| CSCvq30141 | Editing and updating the description field of service group does not get saved. |
| CSCvq56847 | Modifying a High Availability (HA) enabled service group to Non-HA service group returns an error and deletes all service chains in that Service Group. |
| CSCvp07407 | PAFW Day-0 configuration should have unique UUID and if it is changed to a variable, vManage cannot generate value for that UUID causing template attach of service chain to fail. |
| CSCvq58527 | A service group containing shared service chain with first and last NF shared, if the middle VNFs have a combination of firewalls in transparent and routed mode, it causes template attach failure. |
| CSCvr59253 | A non-shared service chain cannot connect to multiple providers terminating different VLANs. |
| CSCvt11875 | Service chain does not get attached if service chain QoS bandwidth is greater than 5GBPS. |
| CSCvv16912 | Deleting and adding a service chain with same name for the same transaction returns an error. |
| CSCvw65312 | In the monitoring screen, Real-Time pnic_stats on vManage UI doesn't show Tx packets. |
| CSCvs66726 | Need to add deactivate option for cluster when it is stuck in init state. |
| CSCvv89990 | User doesn't click configure option with detach/attach causing device to be out of sync with vManage. |
| CSCvw55666 | Service group attach fails with error - "Error - Cannot create. Image already exists". |
| CSCvx46586 | In multi-cluster case, when one cluster CCM task is in-progress, VNF install fails on other cluster. |
| CSCvx70706 | Adding a new service chain to an attached service group when no resources are available saves service chain although service chain isn't provisioned. |
| CSCvx72038 | When NTP is incorrectly entered as 72.163.32, it causes traffic blackhole as VLAN configuration is rejected by switch. |
| CSCvx73461 | vManage should not allow user to configure Backup Server Settings when cluster is inactive. |
| CSCvx76841 | After Upgrade, the Allocated+Available is not equal to Total Memory/Disk in Cisco vManage UI for a single-tenant cluster. |
| CSCvx78457 | Traffic fails when Cisco Catalyst 8000V is a single VNF chain and shared with another chain with firewall as the first VNF. |
| CSCvx81784 | If service group is detached before VNF install completes, configuration database is locked. |
| CSCvw59140 | Add/Delete CSP with system ip conflict error followed by sync results in vManage time out. |
| CSCvx15189 | vManage should mark multitenant cluster from Activate state to failure when template push fails. |
| CSCvx16732 | Placement fails even if resources available with combination of SA and HA VNF's in the chain. |
| CSCvx19565 | VNF State shows green on vManage while VNF Install is still in progress and VNF is yet to be deployed. |
| CSCvx46477 | After vManage upgrade, bandwidth values for SRIOV PNICs are considered 10240 instead of 10000. |
| CSCvx64456 | UI needs to validate RBAC username, not to have space in colocation cluster credentials page. |
| CSCvx78290 | In vManage Monitor, the outbound VNIC of the first shared VNF shows other VLANs as well along with data VLANs. |
| CSCvx85271 | After upgrading CSPs, data collection is stuck at queued state for CSPs in Rediscover Network. |
| CSCvx87818 | In vManage Monitor > Network Functions, the last shared VNF that is deployed is not updated as shared VNF. |
| CSCvx89969 | VNF Actions, START/STOP/RESTART from the tenant page results in ERROR. |
| CSCvx89510 | Service chain cloning: give specific error message when CSV file upload fails. |

Open Bugs for Device

All open device bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.

| Bug ID | Description |
|---|---|
| CSCvt99475 | VM monitoring state toggles between 'Deploying' and 'Alive' temporarily. |
| CSCvt99640 | Cluster activation failure due to management interface administratively down on Catalyst 9500-40X switch. |
| CSCvu69272 | The service chain health monitoring fails on ~8 IPSEC terminated tunnels - eth105'. Failed to check data path health. |
| CSCvu69796 | Cisco ASAv fails to boot up intermittently and is stuck. |
| CSCvw77493 | Template push failed - the configuration database is locked - sendLwmonMaapiDeletePayload. |
| CSCvw86346 | NTP Clock doesn't sync causing certification install to fail on CSP. |
| CSCvx73306 | Traffic fails when the VNF is in single VNF chain and also shared in the last position is provisioned. |
| CSCvx83666 | Traffic fails when service group attach in template push to CCM fails - "Exception in Interface xml {} null". |
| CSCvx90014 | Reattach service chain before detach complete results in template push fail - "Flavor already exists". |
| CSCvx78489 | VNF is Alive but the VNF image is not validated due to length > 128, VNF Install detach/attach. |
| CSCvx86544 | One VM is in error state after hostaction reboot. |
| CSCvx87971 | CSP device upgrade showed Success on vManage UI even though device rolled back. |
| CSCvx96852 | After hostaction reboot, the VMs are stuck in rebooting state and multiple subsystems stopped on UCSC. |
